Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2 Errors No Ms Updates


  • Please log in to reply
19 replies to this topic

#1 joyann

joyann

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 19 May 2007 - 10:41 PM

Error I get when i try to manully install .net3
error: Windows - no disk
Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c
[Cancel] [Try Again] [Continue]

All choices result in failed install

my hijack file

Logfile of HijackThis v1.99.1
Scan saved at 11:35:27 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\My Downloads\UTorrent\utorrent.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Joy\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joy\Desktop\dotnetfx3.exe
c:\9643145a7889f73cfeef69591917ab\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Joy\Desktop\HijackThis.exe
C:\Documents and Settings\Joy\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: (no name) - ¨=07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - °$49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [µTorrent] "E:\My Downloads\UTorrent\utorrent.exe"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...p?noreloadredir
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152828564678
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www19.wirelesssync.vzw.com/en/SyncInstall.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


BC AdBot (Login to Remove)

 


#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 22 May 2007 - 12:28 PM

Hi joyann,

Welcome to Bleeping Computer. :thumbsup:

Please do me a favor, when you post from now on, do not use any font or size codes. Your log is very hard to read.

Spybot's TeaTimer will interfere with some of the changes we will be making to your system. It needs to be disabled.
Start Spybot.
Click on Mode, select Advanced, and click Yes.
Click the little cross on the Tools line in the left-hand pane, then select Resident.
Uncheck the box labeled Resident "TeaTimer " Active
Do not re-enable until we are finished here.

Also, please disable uTorrent until we are finished.

Your log shows the .NET3 installer running. If you have not done so since you posted this log, please cancel out of all running installation programs.

This is an optional removal. I see you have Viewpoint installed. This is considered foistware rather than malware. It is often installed without the user's knowledge, but it does no damage. If you installed it deliberately, you can keep it. If not, and you wish to uninstall it, click Start, Control Panel then double click Add or Remove Programs. When the list is populated, scroll down and click on Viewpoint to begin the uninstall process. Follow the prompts.

Also, I see that you have the Beta release of HijackThis v2 installed, as well as 1.99. Both are installed on your desktop. The Beta version has not been accepted for regular use, and HJT needs to be in its own folder, so that backups are in a safe place.
First,delete both versions of HijackThis from the desktop. Then reboot your computer.

Then, download the self-extracting installation file here. Save it to your desktop.

Next, double-click the HijackThis_SFX.exe file icon. A window will open. Accept the default installation folder by clicking Unzip on the right side of the window.

Navigate to the program by clicking Start, My Computer, then double clicking C:\, Program Files. Find the HijackThis folder and double-click it to open.

If you would like to make a shortcut for your Desktop so it's more easily accessible, right click the HijackThis icon (it looks like a detonator with some dynamite sticks) and choose Send To > Desktop (create shortcut) .
Now, open your freshly installed HijackThis and run a scan. Place a check mark next to the following lines:

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: (no name) - ¨=07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - °$49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)


Close all other windows on your desktop, and make sure there are no programs running minimized in your taskbar. Then click fix checked.

Reboot once again, then open HJT and run a scan. Click Save log and select your desktop as the location. Then, I would like to see an Uninstall list. Still in HijackThis, on the main screen click the Config button.
On the next screen, click Misc Tools.
On the next screen, under System Tools, click Open Uninstall Manager.
On the next screen, click Save List. Select your desktop as the location, keep the deault filename (uninstall_list.txt), and save it.
Close HijackThis.

Finally, use Internet Exporer to run an online scan.

Go to the Kaspersky online scanner. Accept the terms, let it install an ActiveX program (since you have XP SP2 this is blocked by default, you must allow it), then accept the terms again, let it download the files (about 8 MB total). Click Next, and select "My Computer" as the scan area. Kaspersky takes a long time but it is very thorough. When it is finished, save the report as a text file (easier to work with than an HTML file) to your desktop.

Post the Kaspersky report, the Uninstall list, and the HJT log to your next reply.

Dave

#3 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 22 May 2007 - 02:31 PM

uninstall list :
202 PDA Games
Ad-Aware 2007 Beta
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Advanced Disk Cleaner 4.7
AVG Free Edition
CCleaner (remove only)
CDisplay 1.8
EasyRecovery Professional
GMail Drive Shell Extension
Google Talk (remove only)
Handmark® Super Solitaire 15 for Palm OS
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 3
Junk E-mail Reporting Tool
Media Center Alarm Clock
Media Center Playlist Editor
Media Center Solitaire
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web Designer Beta 1
Microsoft Expression Web Designer Beta 1
Microsoft Expression Web Designer MUI (English) Beta 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007 (Beta)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007 (Beta)
Microsoft Office Proof (French) 2007 (Beta)
Microsoft Office Proof (Spanish) 2007 (Beta)
Microsoft Office Shared MUI (English) 2007 (Beta)
Microsoft Office Small Business Connectivity Components
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2004
MSN
MSN Messenger 6.1
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
Norton Spyware Scan provided by Yahoo!
Notepad++
NVIDIA Drivers
O&O Defrag 2000 Freeware Edition
palmOne
PC Inspector File Recovery
PokerStars
PokerStars.net
PrimoPDF
PrimoPDF Redistribution Package
QuickTime
RegScanner
Satellite Finder 3.6
Security Task Manager 1.7
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows XP (KB913433)
Self Test - Access 2003 Core
Self Test - Excel 2003 Core
Self Test - Excel 2003 Expert
Self Test - Outlook 2003 Core
Self Test - PowerPoint 2003 Core
Self Test - Word 2003 Core
Self Test - Word 2003 Expert
Self Test Practice Test Engine
Self Test Software: Exam SK0-001
Spybot - Search & Destroy 1.4
Trillian
TweakMCE
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VideoLAN VLC media player 0.8.6-test1
Viewpoint Manager (Remove Only)
Virtual Earth 3D (Beta)
VNC Free Edition 4.1.2
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Live Local Add-in for Microsoft Office Outlook
Windows Live OneCare safety scanner
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
Yahoo! Toolbar

---------------------------------------------------------------------------------------------------------------------

hjt log

Logfile of HijackThis v1.99.1
Scan saved at 3:21:58 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Joy\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [µTorrent] "E:\My Downloads\UTorrent\utorrent.exe"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...p?noreloadredir
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152828564678
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www19.wirelesssync.vzw.com/en/SyncInstall.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

---------------------------------------------------------------------------------------------------------------------
virus scan

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 22, 2007 7:48:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 22/05/2007
Kaspersky Anti-Virus database records: 326560
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 187606
Number of viruses found: 8
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 02:27:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0340a73a4d8fdbca0314bdf357b169c9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03aeabf890a59ab3e35c772e47b6b3d0_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\050859d09267ec4c52fea25e65c73ce7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05674ca27fabd580ef39b121e80b75fd_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0594ce03707e4fae085b504356482ab9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\066222cb7664b33d4e92c6d578fb1d6e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\073fc1c06f95015ec55764ec6dcd0976_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0776f3c072071eddaa8ef755d77cdbfe_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07ab4399453fc43bee12f6e95d3cca3e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\080df6ed94d8f84eff5cf82101e152af_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0816c37b0f98079b6b2736acbac6a595_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\088d646adba64c5edb8822df13ac24e4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08970a04149f7b78d0a9bca81fe65379_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08bfcae297322c74d3800168de92ed6a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a51b0120f565ce13eb8bedb67676f44_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a5cb52becb4806a789e1446be85c64a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ad19bbc626cfb1f7431213e072bcfd6_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b6ad11d0d7a3c9fc1ed3c36543346ec_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0cba148a02731b502428c9e09ac4010c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ccfb10ff1b83eba4d011fb449b69d9b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d7396a15b5b014fa9960fd1d1c0f808_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f2cb9670cb6846cda08f3b341c31c7f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f87b379465d7950d1a1605a25633520_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f8fc2d316f48cda8ea92817f8ec9455_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\102cf062d704280cd47e901343621982_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1193add6dbb76698124582addae4aa11_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11fca3bed501336382d7e62fcace9d45_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\136a684c2ee99050d715c0e518b18d81_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14377a860bc8dd77646ad995e31e2ae8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14ea9e634cf3448a745f96715bec1fcf_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15d165afa85e050aabe1d9d334fbeacb_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\165efe95cc56f98e6ca7c696e209d544_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1772659ca1abb18402e9d585becbaff7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17e426ef977bfa52a8ef5ec0e73419d6_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\183c75c0630e97c2902b9389f36ba8d9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\193bc9693ba3cc2fa76f7fa0bb8c854f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1970b5befefd8d14274a87ae1f3a0ba7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a12d2aa16d5da841d3b349fbd22ba51_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a1e4a233aa32d7677a7944bf72e539b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a7d8735d1c9f55117a42164cdb2f1d4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ad2928a61a1ce33888e0028e592d613_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1bbf9db5f92c04c496889e69ee4d9934_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c06ec4eeeab276734ee62f7cc055b7e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c326b032c5134c6041a2bbce72ff7b2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1dd705db9916152a520d983bf7240cd3_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e94ef045207d27a6eb41c087dbf05ab_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\216c8cf82f720250d808642ad9e224f7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21cb66b07095d2c4bbbb1ab9e8a67293_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22d30f843c7df5c986d12f093310a96f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2351b51861c042f039a5d5d62851e149_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23c56b427fe77d227814bc2cbde71b04_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23f58a5e7a929cabf06c65db252b7100_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2539887f1b0252bf5e40546d98de0761_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\258fd7356a53d5dc8ee68c98ecd8d242_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25a9d7597df690027919c3e6b4dbadfc_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2703e0bc90d703ff8d4b702e7490f018_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\275b96903e87de51871e51932ab914ee_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\279b7381ef1500812836339af73c0f72_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27dc8a82812d06ab199d575d37c92c6e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28ca91dc307ff749f21523e2c04576c6_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\295167f9e7bb0f078577a6ba0a203b93_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29f3f610c3dd50a99a369200db88791d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ad5e253908ba74f2968faada773bfd8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2bb15d2d1983a47921d90ec7c68fd4f7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2bdee4918c6134a4f2d598cff877d535_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c0df155361f523a0b39069a5b0ff383_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c5c44283adb7d90a02314cedef19626_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c630d0b66a74a9adcf465c064089d46_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2cbbabbe147de5dd7d57ad8e00ef60f5_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2cd6cdacc7bf2a6d89c1d604efaf9e5b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d8bf50e90a97c0567672bc565c2f520_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f1f42e6f4bc5b9dd53a1e6dd7e55ba9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fcd5f25aa279725c336520bb0eafef4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30677589e704ddbe3727c110f89409fa_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\309232634bdaf56e9bab8c861aec34a7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30c5360c43bacaa76765e53d39d4791c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30ec3d15f61b5fb50b93b50a3e503119_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31e8cc2b12e5b83a961500a03bc8da87_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33d1a8c1703f7508ac2f74d93afa0558_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\343e8166acbd7fdf04018ff7f7e6de5a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35ae2d4c63fdef7ec0e383a207cb50c9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\36c992bc506075247e6f1d0fa2086502_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\395aec474d0564ea8cc5305e409b72a2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39ccbad9a9b54a47f0bcd4028d4ba261_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a355d0da13d512089d6ff24c82c5d04_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a780a1ae54407de6f0860c8d34ca42e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ab642688c9ceaf2c0023207d2c3dd21_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3abe2e6a867e06c0a4fbfc638d76acde_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c03542ac36109af692735356b5023f3_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e17006724d36427952a18b73b279712_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f6c4981c4eae2c3494239e65077ae1d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\409c6b3bc27b67335d22fa6b1e28fdbf_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41a7d5a507161709bf6325061debccbd_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42c07433c07419b1555eabc955c413e1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42cca746c92b20c4ab1a44f6345ed64b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4325a41352fa50165526763604863d1b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43c5586d04a958fedb5234a3d149fd12_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45e4520e5df2d35ae38d70dae8978ccd_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4632bbf1d48707ab140cd28214606789_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4650dc47996c14227dad2c28d4a40635_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\481fd78db79d053704ec4284a0a5dd75_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a034237daa2082f1b2a32b91a43466c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4bbb0cd7a62dbbe8de7fb77ffaba007d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c5817f32adb4e1e02fb9254029c4c53_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e15ef8f5dd8a95f5f8fa1b8a68253b8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e3e6e93d4702928e38afb0902b47405_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e8add3581025f19c130ae7ad36b7353_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4eabf305195f8d66935d6945da5c1e0a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f3b12d01dc88929cddb577e42cd732b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f79df0e0e5d7b7a3a9cd209c3aa4be9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f821a6ee508e327ef40ba0570b415c4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\507423e5c15e49c0397623e4f76ca76c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54640ca1e04271d34ff97dd0ad1d28ec_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\552ff8db25522a95774c6ea1a4f02426_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\561aaf7e7b3c3122f3808ce1e0b1024b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\567ef69464cee7260808e2716c1d38a4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5721a9e5f7185ebf2ab35a550971b226_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57b5624cd03b0cc65a3e12aa1be57f84_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a07f40779dc43c5186feeb75ed6871a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a54acc86f16d38f6884ddc9c7c49f48_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a88c600edc4277d1280cab9d31e62e0_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b1cb23fd47b46c31278da020ec88e95_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dc775254f530cd84ea5cdf235f6ae75_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5eb755baa82be0b7c806c70c509cadce_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5eba660f7b0d60e7c476588d19ebdb15_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f905299a2b899cb6aa4d79ce8121e55_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\607f2292f367f91a1cda0ce7c49228a8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61b5db522bce160d58a40c55ab4967c4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61fddfc742a1ce156e5600f113500bc5_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6246a4d3c1a80994b247a2cd676a628a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62a21df182664ab761e61e9298ea83c5_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62faf249c86fd4f8fca0b9d229987bc8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6337ad94c410bb7238eda0b94c7c7ca2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6385aa4dc21752c2def0e70420483976_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63adef879a758130a4bfce223922f3b8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65721c0f5b7a857e069701497857088c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65d7e9513baadadcb466688e9aba6561_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6625cd1071ec9e9829b1d0f9a543cf35_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6641a974977cb5400f0e4034cdde56d8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67b6e5363048c5d4ae76734ae4cf648b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\69753fd0dc2608fd8983969d6ee7af93_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\69fbc3091a4dd0ec5058cb4de528e314_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a260330427f6f8fc184b5f8d2db1b91_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b4ffda370979d6398d57bfdf05b3d5b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b54f1d31695483dc16b26177d4c29e8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6bf6c94b0b6fc3249c46fa008c11e34d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c28c1d735426f98c060885ae5592a90_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d4c24c8fc52d34076856d6cea384338_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6dddaf4ad31fd4b54aecbfa8c8425229_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f91cf953ac7fc6621b608318e696443_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7085801fce2512517b6ebec28b346bd7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\738fd67b358f474a676d9400288ae294_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7391461608d78dd9aa742f52baab5349_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\749f3b8f373db459bae50694a88b5423_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\75313e9a609d3399f559663f5a954770_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\75db8ef172519f73994f97523e6c1ab9_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77ba490c923f5e3282f25cabc8a0f565_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\78655485611f266e8f937b5f416b39fc_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\789dcd7a7883b8b8dbbefebea417f919_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79a5bb5e9519ee9f0998f709c750e854_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79ca6024d986581d7182d9f329951cb3_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a01d1ca18afdbc7bca04b6523f99539_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c5818d823454341668a0a7b9d685720_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cb64b6ef1ec95ffc8311bd315449fe7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7dc9761b89ab00ecc415bc110eb84f98_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e1759e0f6fe547644422f4adb88af9b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e6e86a54644039fd5c70f0fe3c9a14f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f2bde065a9fce405c500f9a9b07f0b1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f6aa296e5bb16bcad37ad6313759403_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\800e0191ba1b6f01fd5887aceeaa2d66_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\811ac327d4b73c9309d1cc3c48ccf307_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81ec83a203362d5487039d3c67485269_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81fdc7fadb001681a1e36366a72a000d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8233b2e1227407e98bb4d0a61bdd4e59_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82b066fac493bacd41d946cbbcee75f4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82e6aa9f78753a1ee15e6a8e2bea345f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82ff464659e582e4e086770e49e51ff8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8420be2ff9f0bed34db9f9501c73a210_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84561c5699a6050994d73185cccd3c14_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85761a7caff69dd2f34ce5ea2833185a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86db41337bd39291c6698f79aff1fc0a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\873fc2ed305749d29afb8d5de83e5fe8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89810fca9410e2699807b9d9c8d94bd7_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89c3ce3601e5954913917b1e94980ca5_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89d357edcdfb67614d91063ab9ce7cab_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a2f7456a04076f558ae8803c3b9666b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a404bf4bc7fff6c0b900a33fe4c408e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a4686a1dcf462fcf8055f70d9271c23_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c0458ec49ee6e04d4b7717630a3f202_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ce8a261c1fb8ef39c8b3db56e50936f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cfb2410da8aaf4e2bfc363a855c27b8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8fa9c93dada584cd3fc321ad888df7bb_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9134792c6f49030dcec5ee3b3fc16fac_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9347b5f4c8cdd5c086dc83cd30287cf5_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\935eea20eec57d1c55198148f63327b3_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93c01f1698a4101b86f16f0d6dcce959_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\940b8d36cb932a64c0f5752c3a7308eb_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9456a98de4dab0ca62cdfc36c4c814c1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97c95650d3309ced06f75fa50fa5d15b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\987f42d9d7e1e12dfda05f2c61a0ed1d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98ef6aa6cb547b070d1570a445ec023d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98f6c20ee331325a12bc9125659b865a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9bdc8550607643a91dad773e68e2075e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e4bed82b7cb45d8167bd2d60dd1f7c2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eb05cff3d0a3d1e39d0f77c6a5c892c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0b7ce051bf3c212533152508dce06cd_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a214f8c02aedd164e3c7324cc303b297_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2c465c0a71df88107bc6e34d32dfccc_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a53e4afc5774975c2113be41b71af876_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a54e43d7f70409252b1c08efc95dd7e4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5c2f9bdda295757cf0f215e8a7ed036_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a745073343e3d0941dd4f8e85a55227c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7b050912daf702f553256089e34acfb_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8e85a4eee9593643b418d624f37b4d1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9e71c0c4f4a213a004e538719574005_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aac10d3a65da7a9a0c659ffe4b31fa35_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac27849950dbb1539f54fe7f3e626c4a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae554ea33713da0fb4e9f3126f525ece_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae9b64b18c8451ed20c6548caf792c42_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1429447652c1fbef42cf97115884791_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4b0406d88edac7f588655d9284b9b17_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4dfc2876ee6f51f3d8e4e77f327e917_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7ac2135c58430a14501a7759c5facb0_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b85da261dd6bdea1fb1e40659bbfa8a1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8a25f47fd59ce4aa915169bddaa5f88_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb3577bc95ef1d8575bd196c9d95e6b6_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc83b7b707df8a70410d763ee9dd4774_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcc46eed6e870a6fa0befa7106827f45_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be0f65c5b648a32ccf4bf2ffb0227439_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be2bc12ffd95e5fbace8567720064a05_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be4564ffaf9fd738805aba4d54dca840_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf08e40d5d8b1585a5bbff91a4bd7660_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf2a20b269f53350da695f00d21dd3ed_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c0d83b1d9aab86a0c8e2312a3647477f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c243a3aeebc7c841c348d3826d06c6f2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c26c5a8b86ab4b5e8693e54abe2dba7c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c356f95399253e5975c24d73b8802069_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c40817c8625c87701a318479445ef24e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c51c46718650d08d3cdeb7f9bbca0422_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5cc9d580a1b93bfeeff8ac10ae8a035_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c782192a5217229a0e31c6ed10446325_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8efe90b70676c5d3578e506e5c572e8_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c911227a63259ac3da22aad858c28157_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93b28e296c6e5c02278ca42bd9f798f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c99bc38f6f06f767c49c034cde65ea62_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca0826c88a8b770e361097211df8eeb1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ccbf97551379e54669c2b4c2b281ffaf_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd181e6b8cfb80722ca9a6f4cbced70b_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd9b031eb51cf4371e329653948cb0cc_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cec37f1860f0d9e233ede381d83cccbe_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf44559a044b36103f82614f21894901_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d05ae37c2e6910e6451ad03d6b6e85d4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4254d3bd76c0f746c6be1f4640e3adb_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6c64cf206e5463c3b69b6cdfb04501f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d77a5b5691b94fcf4538f934b40a4566_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9af9430bd89d450bda033ca276f301a_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9cdef5cd3459714e56fb404d7c4a4e1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da17684c278be15d1bd4fccb01e2064e_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da59c5f86c949992fa13cbc13d65ca63_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\daafba3e50900ddba00ec8ffaffa8fbf_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbfac012c29b9eb5832e5302c0c6093d_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd894fe2101306683fbc663b1fc4d30c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ded6c973a04a7bcf17c851bd3d73a69f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfa2cd84bce9175704ce445120c81766_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0ca48823af5554599cc7c8b922e52b4_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e235802e3842427271ee5783f55e0c0f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3f85a3471afc4e488dc3bceb6ceb318_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4ef686267b03a15ebb073433c601bf0_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5dd23295feade6b62f8f16e24ddbb87_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e60d5f15102b82854bff47f14b299bd2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e68c9a003ad0ac61389f335da889c773_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e73efd335c8a18e70a481f310188f8e1_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9c91d2fe2b45caf34b8bb3c30c5172f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb2c8b7e63d7bf4508c3ba0022b55cdc_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed704fef998bb6a33b1ae4d279b3b559_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed9352580a26c7d0b8d8ef06fb729d77_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edcc4681185659b091293846bd009a90_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee1260c7e276165c8ecc50822f6879cc_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f06d22059fdfe34f6df2164f7c9674c2_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f098a8cf8e8648744520a6791a705e4c_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1b082e1a9d9d7b308b235e3b910a0ba_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4641124e96605d0580ec348b70b3c73_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4b32ec55ae96e976ec49876967c7030_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8f90c53b7df0ee5b262b7042ea4b4cf_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9a864d20f658684a686917ac0f65d34_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9b18b3f020f9ab8865738e3f3780431_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9d3d3fe1e809f75733cd0bb79c98aea_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd00f194efef833e102dfd83c3dfc178_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\feb39bf48890c459aa33410909d95d3f_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff45742c03c66aacf22aa4c20742da45_4ccccd7d-b9bf-4deb-a4a1-591cbdcf8543 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\JimmyJ\Local Settings\Temporary Internet Files\Content.IE5\RPNLLJWD\count[1].htm Infected: Trojan-Downloader.JS.Inor.a skipped
C:\Documents and Settings\Joy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joy\Local Settings\Temp\Perflib_Perfdata_9e8.dat Object is locked skipped
C:\Documents and Settings\Joy\Local Settings\Temp\~DF993D.tmp Object is locked skipped
C:\Documents and Settings\Joy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Joy\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_198.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b4.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_204.trc Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\log_168.trc Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\0001000B.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CF84C287-7124-4D72-B271-7F9F1F2CF3D9}\RP326\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D10177C4-8FC4-4C1F-AEA8-76E45CBD9170}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by joyann, 22 May 2007 - 06:58 PM.


#4 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 22 May 2007 - 06:26 PM

Sorry -- hit the wrong key. Please see next post.

Edited by DaveM59, 22 May 2007 - 06:44 PM.


#5 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 22 May 2007 - 06:42 PM

Hi again Joyann,

This post looks much better, thanks.

I think you missed this line in my previous instructions:

Also, please disable uTorrent until we are finished.


But I still see this line in the new log:

O4 - HKCU\..\Run: [µTorrent] "E:\My Downloads\UTorrent\utorrent.exe"

That means uTorrent will start up every time you log on.

If there's no way to change this behavior from within the program, (sorry I am not familiar with it) then please fix that line in HijackThis. Yous will still be able to start the program manually whenever you want.

I do not see any Windows Security updates listed in your Uninstall list After you have finished the Kaspersky scan, please go to the Windows update web page and use the Express option there there to download and install all critical updates for your machine.

This is very important. An unpatched Windows system, even with Service Pack 2 installed, is open to many exploits by a large number of viruses and worms. If the system is not updated it can never be secured.

Let me know if you have any trouble with the updates.

Looking forward to the Kaspersky log.

Dave

#6 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 22 May 2007 - 07:06 PM

posted log
removed O4 - HKCU\..\Run: [µTorrent] "E:\My Downloads\UTorrent\utorrent.exe"


part of the issue is ms updates do not work
but I am trying right now

#7 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 22 May 2007 - 07:34 PM

posted log
removed O4 - HKCU\..\Run: [µTorrent] "E:\My Downloads\UTorrent\utorrent.exe"


part of the issue is ms updates do not work
but I am trying right now

nope same message I always get
"updates were unable to be successfully installed"
the following updates were not installed:
Update for Windows XP (KB927891)

#8 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 23 May 2007 - 11:32 AM

Hi again Joyann,

Two things we need to do next.

First --

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 1 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
Next--

Kaspersky shows another account on this computer (JimmyJ). Please log onto this account -- not yours -- and run a HijackThis scan.

When you run the scan look at the log and if you see a line -- probably an O4 -- listing this file:

C:\Documents and Settings\JimmyJ\Local Settings\Temporary Internet Files\Content.IE5\RPNLLJWD\count[1].htm

checkmark that line and fix it. Then run a fresh scan and post the log.

If you do not see such a line, just post the log.

Also, I would appreciate a little information about how this computer is used. I see files I have never seen before, that seem to be associated with a web server rather than a typical home computer. Also files associated with web page development. I just need to know that these programs belong on your system.

Also, you may have noticed several lines in the Kaspersky log like this one:

C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

As Kaspersky understands, realVNC is not a virus or trojan. However, it can be misused, and if there is no need for it, removing it would make the computer more secure.

Looking forward to your reply.

Dave

#9 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 24 May 2007 - 09:43 PM

jimmj's
Logfile of HijackThis v1.99.1
Scan saved at 10:39:51 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Documents and Settings\JimmyJ\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...p?noreloadredir
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152828564678
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www19.wirelesssync.vzw.com/en/SyncInstall.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#10 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 25 May 2007 - 08:48 PM

Hi again,

JimmyJ's log is clean.

Kaspersky showed a clean computer except for that one trojan in JimmyJ's temporary internet files.

I still think we need to do a couple more scans just to be sure malware is not involved in your problems.

First step: I see you have CCleaner on this machine. Please run it first on your account, then log onto JimmyJ's account and run it from there as well. For both runs, make sure the following items are checked:

Under Internet Explorer:
Temporary Internet Files
Cookies
History
Delete Index.dat files

Under System:
Empty Recycle Bin
Temporary Files
Old Prefetch Data

You can check any other items that you customarily clean, but make sure those are checked when you run the cleaner.

Now, reboot back into your account, then run a couple of rootkit scans.


Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe.
  • Exit Blacklight and post the contents of the log in your next reply.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..

Post both logs to your next reply.

Dave

#11 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 26 May 2007 - 07:26 PM

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-05-26 19:53:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F9DCFBB-D40E-BA16-ED14-AAA8D03DEC2D}@dblicdjpbhoakibkmljfpbapbeifbjnddnjhhpmi 0x6A 0x61 0x68 0x6A ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F9DCFBB-D40E-BA16-ED14-AAA8D03DEC2D}@cbjmafhdlhgdpnigijeclkcmfpdeoeioejgbnk 0x6A 0x61 0x68 0x6A ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F9DCFBB-D40E-BA16-ED14-AAA8D03DEC2D}@dblicdjpbhoakibkmljfpbapbeifbjnddnjhdpak 0x6A 0x61 0x68 0x6A ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F9DCFBB-D40E-BA16-ED14-AAA8D03DEC2D}@cbjmafhdlhgdpnigijeclkcmfpdeoeioejcbpd 0x6A 0x61 0x68 0x6A ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7E8609F8-629E-6D77-6DFB-5FDBEA70D80B}@bbhfbdjdohjkhemhgbnmgihppbedplhilmli 0x6A 0x61 0x6C 0x67 ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7E8609F8-629E-6D77-6DFB-5FDBEA70D80B}@abnnhacfbfimnbaegeabhgdbdakjbkbija 0x6A 0x61 0x6C 0x67 ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7E8609F8-629E-6D77-6DFB-5FDBEA70D80B}@iahfbdjdohjkhemhgb 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7E8609F8-629E-6D77-6DFB-5FDBEA70D80B}@hannhacfbfimnbae 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7E8609F8-629E-6D77-6DFB-5FDBEA70D80B}@ialebadomplofhgbpp 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@bbjmnidmmpaddnodddogocpeechekilcdlif 0x6A 0x61 0x67 0x62 ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@abpfphkhkknndodhflabieloieinioanfn 0x6A 0x61 0x66 0x62 ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@iajmnidmmpaddnoddd 0x61 0x61 0x00 0x01
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@hapfphkhkknndodh 0x61 0x61 0x00 0x01
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@iafhfdehjfjikhclga 0x61 0x61 0x00 0x01
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@bbjmnidmmpaddnodddogocpeechelionmodg 0x6A 0x61 0x66 0x62 ...
Reg \Registry\USER\S-1-5-21-1644491937-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E761C8-BF52-9B88-EBA7-CDEACD1F6AD5}@abpfphkhkknndodhflabieloiednfndolj 0x6A 0x61 0x66 0x62 ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\JimmyJ\Desktop\Gibbs Racing meets with Hamlin's crew - Yahoo! News.url:favicon
ADS C:\Documents and Settings\JimmyJ\Desktop\hardcandies - joys cue.url:favicon
ADS C:\Documents and Settings\JimmyJ\Desktop\Phil Anselmo - Wikipedia, the free encyclopedia.url:favicon
ADS C:\Documents and Settings\JimmyJ\Desktop\redneck pool group.url:favicon
ADS C:\Documents and Settings\JimmyJ\Favorites\eBay Sell Create Your Listing.url:favicon
ADS C:\Documents and Settings\JimmyJ\Favorites\FTA hardware help - Al7bar Community.url:favicon
ADS C:\Documents and Settings\JimmyJ\Favorites\Low cost cue shaft spinner - Easy Pool Tutor.url:favicon
ADS C:\Documents and Settings\JimmyJ\Favorites\Official Site of Brian Vickers® - NASCAR NEXTEL Cup Series Driver.url:favicon
ADS C:\Documents and Settings\JimmyJ\Favorites\Sysinternals Freeware - Processes and Threads Utilities.url:favicon
ADS ...
ADS E:\Dilbert 1994-2002\1994\dilbert19940101.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940102.gif:Q30lsldxJoudresxAaaqpcawXc
ADS E:\Dilbert 1994-2002\1994\dilbert19940102.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940103.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940104.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940105.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940106.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940107.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940108.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940109.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\Dilbert 1994-2002\1994\dilbert19940110.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...

---- EOF - GMER 1.0.12 ----



--------------------------

C:\fsbl-20070526214438.log


05/26/07 17:44:38 [Info]: BlackLight Engine 1.0.61 initialized
05/26/07 17:44:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/26/07 17:44:38 [Note]: 7019 4
05/26/07 17:44:38 [Note]: 7005 0
05/26/07 17:44:46 [Note]: 7006 0
05/26/07 17:44:46 [Note]: 7022 0
05/26/07 17:44:46 [Note]: 7011 1696
05/26/07 17:44:46 [Note]: 7026 0
05/26/07 17:44:46 [Note]: 7026 0
05/26/07 17:44:48 [Note]: FSRAW library version 1.7.1021
05/26/07 17:49:19 [Note]: 7007 0


-------------------------------

Dave,
I have deleted everything in C:\Program Files\ewido anti-spyware 4.0 but two files I'll remove on reboot
context.dll & shellexecutehook.dll (deleted now)

Thanx for all your help so far

Edited by joyann, 26 May 2007 - 07:51 PM.


#12 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 29 May 2007 - 12:51 PM

Hi again Joyann,

Sorry for the delay, I hope you saw the line in my signature. I was out of town for the Labor Day weekend.

Actually, your GMER and Blacklight logs look clean. Not everything these scanners finds is bad. However, There is no harm done by your deleting the Ewido files and folder. The program is obsolete, in fact it was replaced by AVG Antispyware almost a year ago.

Since Ewido was not on your Uninstall list, I suspect the files were "leftovers" from an uninstall.

I still have not found any malware on your system that would account for your problems. Let's try one more scan which casts a wide net, maybe it will show us something.

Please download Deckard's System Scanner to your desktop:

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Note: You must be logged onto an account with administrator privileges.

1. Close all applications, including any that are running minimized in your taskbar.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Could you do one more thing for me. Please try once more to update Windows. When you get the error message, could you please highlight it and copy and paste into a notepad file, or if you cannot do that, write down the message exactly, word for word? With these Windows errors, sometimes you need to search on the exact wording in order to get any relevant results.

Put that error message in your next reply, along with the DSS logs.

Dave

#13 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 29 May 2007 - 07:49 PM

Here is what happens when it fails.

Microsoft .NET Framework version 1.1
Update Rollup 2 for Windows XP Media Center Edition 2005 (KB900325)
VIA Technologies, Inc. - Sound - Vinyl AC'97 Codec Combo Driver (WDM)
VIA - Networking - VIA Rhine II Fast Ethernet Adapter
Root Certificates Update

Attached Files


Edited by joyann, 29 May 2007 - 08:42 PM.


#14 joyann

joyann
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:10:05 AM

Posted 29 May 2007 - 08:06 PM

---main----
Deckard's System Scanner v20070426.43
Run by Joy on 2007-05-29 at 20:46:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2007-05-30 00:46:28 UTC - RP361 - Deckard's System Scanner Restore Point
106: 2007-05-30 00:40:49 UTC - RP360 - Software Distribution Service 3.0
105: 2007-05-29 18:37:01 UTC - RP359 - Microsoft OneCare Protection Checkpoint
104: 2007-05-29 03:38:04 UTC - RP358 - Software Distribution Service 3.0
103: 2007-05-29 03:24:49 UTC - RP357 - Removed Ad-Aware 2007 Beta


-- First Restore Point --
1: 2007-03-01 06:23:18 UTC - RP255 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Joy.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:48:30 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\DOCUME~1\Joy\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Joy\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...p?noreloadredir
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152828564678
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www19.wirelesssync.vzw.com/en/SyncInstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: XHLQVYF - Unknown owner - C:\DOCUME~1\Joy\LOCALS~1\Temp\XHLQVYF.exe (file missing)


-- HijackThis Fixed Entries (C:\DOCUME~1\JimmyJ\Desktop\HIJACK~1\backups\) -----

backup-20070524-221357-199 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070524-221357-408 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
backup-20070524-221357-419 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20070524-221357-594 O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
backup-20070524-221357-689 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
backup-20070528-140518-218 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
backup-20070528-140518-249 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20070528-140518-258 R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070528-140518-291 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20070528-140518-352 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
backup-20070528-140518-592 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070528-140518-653 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
backup-20070528-140518-738 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20070528-140518-790 O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
backup-20070528-140518-917 O11 - Options group: [INTERNATIONAL] International*
backup-20070528-140519-507 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
backup-20070528-140519-566 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
backup-20070528-140519-726 O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
backup-20070528-140519-790 O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
backup-20070528-140519-807 O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ewf - c:\windows\system32\drivers\ewf.sys <Not Verified; Microsoft Corporation; Microsoft ® Windows ® XP Embedded>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 AdWatchDrv (AW Realtime Driver) - c:\windows\system32\drivers\awrtpd.sys (file missing)
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SCTThresholdMon (SCTThresholdMonitor) - c:\program files\microsoft shared computer toolkit\bin\srvany.exe
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R2 winss (Windows Live OneCare) - c:\program files\microsoft windows onecare live\winss.exe

S? WinVNC4 -
S2 OOD2000 (O&O Defrag 2000) - "c:\windows\system32\ood2000.exe" <Not Verified; O&O Software GmbH; O&O Defrag 2000>
S2 WDPOperations - c:\program files\microsoft shared computer toolkit\bin\srvany.exe
S3 XHLQVYF - c:\docume~1\joy\locals~1\temp\xhlqvyf.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-05-29 20:45:00 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-05-29 20:00:00 252 --ah----- C:\WINDOWS\Tasks\AD3B42C691B0F446.job


-- Files created between 2007-04-29 and 2007-05-29 -----------------------------

2007-05-29 16:23:39 0 dr-h----- C:\Documents and Settings\Joy\Recent
2007-05-29 01:28:23 30470 --a------ C:\Documents and Settings\JimmyJ\x_dtrace_log
2007-05-28 23:25:35 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2007-05-28 23:11:49 0 d-------- C:\Program Files\Microsoft Shared Computer Toolkit
2007-05-28 23:08:02 0 d-------- C:\Program Files\UPHClean
2007-05-28 16:49:32 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-05-28 16:34:49 0 d-------- C:\Program Files\MSBuild
2007-05-28 16:27:12 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-05-28 16:24:03 0 d-------- C:\Program Files\Reference Assemblies
2007-05-28 15:51:00 20606 --a------ C:\WINDOWS\system32\x_dtrace_log
2007-05-28 14:45:18 81024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys <Not Verified; Microsoft Corporation; OneCare Firewall Driver>
2007-05-28 14:45:10 105856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys <Not Verified; Microsoft Corporation; OneCare Firewall Helper Driver>
2007-05-28 14:43:55 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-05-28 14:18:30 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-05-28 13:57:18 0 dr-h----- C:\Documents and Settings\JimmyJ\Recent
2007-05-28 12:02:41 21312 --a------ C:\WINDOWS\choice.exe
2007-05-28 12:02:16 0 d-------- C:\ie-spyad2
2007-05-26 17:51:17 573440 --a------ C:\gmer.exe
2007-05-22 15:23:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-05-22 15:23:44 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-22 14:13:30 0 d-------- C:\Program Files\Notepad++
2007-05-22 13:45:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-05-21 01:08:09 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2007-05-21 01:06:28 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-05-11 18:38:43 0 d-------- C:\Documents and Settings\JimmyJ\Application Data\Viewpoint
2007-05-11 18:38:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-05-09 03:05:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


-- Find3M Report ---------------------------------------------------------------

2007-05-29 12:07:29 0 d-------- C:\Program Files\PokerStars
2007-05-28 23:24:55 0 d-------- C:\Program Files\Lavasoft
2007-05-28 23:21:00 0 d-------- C:\Program Files\Microsoft Small Business
2007-05-28 22:28:58 0 d-------- C:\Program Files\Microsoft Works
2007-05-27 21:19:53 0 d-------- C:\Program Files\Trillian
2007-05-24 22:37:40 0 d-------- C:\Program Files\Java
2007-05-22 14:09:53 0 d-------- C:\Program Files\CCleaner
2007-05-09 09:42:13 0 d-------- C:\Program Files\Siber Systems
2007-04-26 21:31:46 38347 --a------ C:\Documents and Settings\Joy\Application Data\Microsoft Excel.ADR
2007-04-26 21:11:02 38504 --a------ C:\Documents and Settings\Joy\Application Data\Comma Separated Values (Windows).ADR
2007-04-23 23:27:01 0 d-------- C:\Program Files\Cosmi
2007-04-23 23:27:01 0 d-------- C:\Program Files\Common Files\Cosmi
2007-04-23 23:01:40 0 d-------- C:\Program Files\Handmark
2007-04-23 21:00:18 0 d-------- C:\Program Files\RegScanner
2007-04-23 20:57:55 39424 --a------ C:\WINDOWS\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2007-04-23 20:55:00 0 d-------- C:\Program Files\Security Task Manager
2007-04-23 20:55:00 0 d-------- C:\Program Files\Pool Buddy Yahoo
2007-04-23 20:46:17 0 d-------- C:\Program Files\Innovative Solutions
2007-04-16 22:20:40 0 d-------- C:\Program Files\Online Services
2007-04-16 22:16:47 0 d-------- C:\Program Files\Microsoft Money
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-11 16:15:29 38482 --a------ C:\Documents and Settings\Joy\Application Data\Comma Separated Values (DOS).ADR


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"BDSwitchAgent"="C:\\Program Files\\Softwin\\BitDefender8\\bdswitch.exe"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
"MaxRecentDocs"=dword:00000064
"MemCheckBoxInRunDlg"=dword:00000001
"NoWinKeys"=hex:00,00,00,00
"DisableLocalMachineRun"=dword:00000001
"DisableLocalMachineRunOnce"=dword:00000001
"ClearRecentDocsOnExit"="1"
"NoRecentDocsHistory"=hex:00,00,00,00
"NoRecentDocsMenu"=hex:01,00,00,00
"NoSaveSettings"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"greatdeafmovebike"="C:\\Documents and Settings\\All Users\\Application Data\\MemoSpamGreatDeaf\\Trust Itch.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3243795-fd6f-11db-b957-003018ffffff}]
Shell\AutoRun\command D:\PortableRoboForm.exe
Shell\RoboForm2Go\command D:\PortableRoboForm.exe


-- End of Deckard's System Scanner: finished at 2007-05-29 at 20:49:43 ---------

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

--- extra----

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 510.48 MiB / 210.07 MiB
Pagefile Memory (total/avail): 1247.32 MiB / 652.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1973.91 MiB

C: is Fixed (NTFS) - 146.49 GiB total, 86.82 GiB free.
E: is Fixed (NTFS) - 232.88 GiB total, 72.96 GiB free.
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (FAT32)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (CDFS)
M: is Fixed (NTFS) - 2.56 GiB total, 2.54 GiB free.
Z: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Joy\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DOLLY-7B11922C6
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Joy
LOGONSERVER=\\DOLLY-7B11922C6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SCTPath=C:\Program Files\Microsoft Shared Computer Toolkit\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Joy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Joy\LOCALS~1\Temp
USERDOMAIN=DOLLY-7B11922C6
USERNAME=Joy
USERPROFILE=C:\Documents and Settings\Joy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Joy (admin)
JimmyJ (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
202 PDA Games --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\202 PDA Games\DeIsL2.isu" -cC:\PROGRA~1\Cosmi\202PDA~1\_ISREG32.DLL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced Disk Cleaner 4.7 --> "C:\Program Files\Innovative Solutions\Advanced Disk Cleaner\unins000.exe"
BitDefender 8 Free Edition --> MsiExec.exe /I{8BFFDBAB-FD81-4137-A98E-A769C828080C}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
DVDXCopy Xpress 3.0.2 --> "C:\Program Files\321Studios\Xpress\uninstall.exe"
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Handmark® Super Solitaire 15 for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Super Solitaire 15 for Palm OS\uninstal.log
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk E-mail Reporting Tool --> MsiExec.exe /I{B72B06E0-0C54-495F-896F-E3ED2905624D}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Media Center Alarm Clock --> MsiExec.exe /I{8689A5F3-BEEC-407D-A6EB-B79F636229A3}
Media Center Playlist Editor --> MsiExec.exe /I{47E0D551-C96E-403C-A230-982A78C9D48C}
Media Center Solitaire --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ehsol.inf, Uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Baseline Security Analyzer 2.0.1 --> MsiExec.exe /I{7F231232-C309-4401-964A-2A002B6E1ED9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook Connector --> MsiExec.exe /I{95FC84C0-9F15-4831-8605-396FDC42071D}
Microsoft Office Outlook MUI (English) 2007 (Beta) --> MsiExec.exe /X{30120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service --> MsiExec.exe /I{1C1B6919-00D6-4A9C-B993-1EF82F956530}
Microsoft Shared Computer Toolkit --> MsiExec.exe /i {BC69E66C-47DE-412E-87DF-D1B8055A9AF7}
Microsoft Shared Computer Toolkit --> MsiExec.exe /X{BC69E66C-47DE-412E-87DF-D1B8055A9AF7}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2004 --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
Microsoft Windows Live OneCare Resources v1.6.2111.10 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C}
Microsoft Windows OneCare Live v1.6.2111.10 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v1.6.2111.10 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Messenger 6.1 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600207}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O Defrag 2000 Freeware Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86E5246-AA7E-11D4-88C9-00105ADBE398}\Setup.exe"
palmOne --> MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PokerStars.net --> C:\Program Files\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RegScanner --> C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\RegScanner\uninst1~.nsu"
Satellite Finder 3.6 --> "C:\Program Files\SatFinder\unins000.exe"
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Self Test - Access 2003 Core --> MsiExec.exe /X{B42717D9-B16F-4776-A36D-C0C4C01CE07A}
Self Test - Excel 2003 Core --> MsiExec.exe /X{EB8B42AA-4DCC-424B-886C-C9AD38E0E8C0}
Self Test - Excel 2003 Expert --> MsiExec.exe /X{5ED2EC5C-5893-46FB-B58D-5541FB6CAAF6}
Self Test - Outlook 2003 Core --> MsiExec.exe /X{907658D5-3421-4271-81F6-044FA4C45783}
Self Test - PowerPoint 2003 Core --> MsiExec.exe /X{BB274A45-ADF2-49D9-91B6-646C5AA3A5C6}
Self Test - Word 2003 Core --> MsiExec.exe /X{9C45E959-5A50-4DF4-92E1-3E03431B9A6A}
Self Test - Word 2003 Expert --> MsiExec.exe /X{A63670B9-15EB-4772-9EC5-123FCE9C0C2F}
Self Test Practice Test Engine --> C:\PROGRA~1\SelfTest\UNWISE.EXE C:\PROGRA~1\SelfTest\INSTALL.LOG
Self Test Software: Exam SK0-001 --> C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\INSTALL.LOG
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
TweakMCE --> MsiExec.exe /I{8D5AC6EF-B91C-4E03-99DE-C72536BB381F}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6-test1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Local Add-in for Microsoft Office Outlook --> MsiExec.exe /I{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\Program Files\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-05-29 at 20:49:43 ---------

#15 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:08:05 AM

Posted 30 May 2007 - 06:43 AM

Hi Joyann,

Thanks for the DSS logs. I am analyzing them now.

I still need to see the exact error message you get when you try to update Windows.

Dave




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users