Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud Malware


  • Please log in to reply
11 replies to this topic

#1 Nosaji

Nosaji

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:07 PM

Posted 10 July 2007 - 09:12 PM

Can someone please help me... My brother accidentally downloaded a smitfraud malware and now it's generating what I assume are bot programs into my temp file. Luckily my ZA is doing a good job preventing them from getting out into the internet. Other than a HijackThis log this post also has a log of the smitfraudfix I was using at the time

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:16 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0

\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462

\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\TEMP\winE2.tmp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\TEMP\19180625.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -

(no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1

\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-

Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

/STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program

Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer]

KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32

\jkvktcuy.dll",forkonce
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winE2.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp

Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN

Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462

\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1

\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program

Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: FlashGetでダウンロード - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: FlashGetで全てダウンロード - C:\Program

Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.5.0_04

\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-

11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04

\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-

2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-

0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29

-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-

d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001021-A15C-11D4-97A4-0050BF0FBE67}

(NetmarbleStarter21 Class) -

http://download.netmarble.com/web/nmstarter/NMStarter21.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15

Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter

Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B}

(TTestGenXInstallObject) -

http://asp.mathxl.com/wizmodules/testgen/i.../TestGenXInstal

l.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX

Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2

Class) -

http://gamedownload.ijjimax.com/gamedownlo...gstart/HGPlugin

11USA.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX

Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson

Installation Assistant 2) -

http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA

Class) -

http://gamedownload.ijjimax.com/gamedownlo...gstart/HGPlugin

9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control)

- http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA

Class) -

http://gamedownload.ijjimax.com/gamedownlo...gstart/HGPlugin

10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL

Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-

6DF34E0AB108}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bw+0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-

C34B9B80B32B} - C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D630061-563B-447A-A121-AB2F0831B576} -

C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9D630061-563B-447A-A121-

AB2F0831B576} - C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32

\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o.

- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation -

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. -

C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) -

Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton

Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation -

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs,

LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 22350 bytes



SmitFraudFix v2.202

Scan done at 8:32:56.21, 07/10/2007 Tue
Run from C:\Documents and Settings\Jason\My Documents\My Downloads\Mal-Busters\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

ササササササササササササササササササササササササ SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

ササササササササササササササササササササササササ Killing process


ササササササササササササササササササササササササ hosts


127.0.0.1 localhost

ササササササササササササササササササササササササ Generic Renos Fix

GenericRenosFix by S!Ri


ササササササササササササササササササササササササ Deleting infected files

C:\WINDOWS\mgrs.exe Deleted

ササササササササササササササササササササササササ DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5D22B51E-755F-4A1B-99B0-3836E5D486A8}: DhcpNameServer=68.87.66.196 68.87.76.178
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer=66.75.164.90,66.75.164.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5D22B51E-755F-4A1B-99B0-3836E5D486A8}: DhcpNameServer=204.127.198.19 63.240.76.19
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5D22B51E-755F-4A1B-99B0-3836E5D486A8}: DhcpNameServer=68.87.66.196 68.87.76.178
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer=66.75.164.90,66.75.164.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5D22B51E-755F-4A1B-99B0-3836E5D486A8}: DhcpNameServer=68.87.66.196 68.87.76.178
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer=66.75.164.90,66.75.164.89
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.127.198.19 63.240.76.19


ササササササササササササササササササササササササ Deleting Temp Files


ササササササササササササササササササササササササ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


ササササササササササササササササササササササササ Registry Cleaning

Registry Cleaning done.

ササササササササササササササササササササササササ SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


ササササササササササササササササササササササササ End

BC AdBot (Login to Remove)

 


#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 11 July 2007 - 02:39 PM

  • You have word wrap turned on, this is making your logs difficult to read
  • Run notepad
  • Goto Format and untick Word Wrap
Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#3 Nosaji

Nosaji
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:07 PM

Posted 11 July 2007 - 03:36 PM

Okay I turned off word wrap on notepad on both logs this time. I hope these will be more helpful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:16 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\TEMP\winE2.tmp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\TEMP\19180625.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jkvktcuy.dll",forkonce
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winE2.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: FlashGetでダウンロード - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: FlashGetで全てダウンロード - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001021-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter21 Class) - http://download.netmarble.com/web/nmstarter/NMStarter21.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bw+0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 22350 bytes


"Jason" - 2007-07-11 13:13:13 - ComboFix 07-07-10.1 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ogyeikoq.dll
C:\WINDOWS\system32\skknmkgn.dll
C:\WINDOWS\system32\byxxwvu.dll
C:\WINDOWS\system32\efcyxyv.dll
C:\WINDOWS\system32\iifdebc.dll
C:\WINDOWS\system32\xxyyyxy.dll
C:\WINDOWS\system32\winadg32.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\qokieygo.ini
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\byvspon.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\d.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-11 13:12 66,624 --a------ C:\WINDOWS\system32\fhoeejcc.dll
2007-07-11 13:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 15:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-10 13:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-07-10 13:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-10 13:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-10 13:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-10 12:54 <DIR> d-------- C:\Program Files\RegCure
2007-07-10 00:36 2,600 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-01 18:11 <DIR> d-------- C:\Program Files\ARM Software
2007-07-01 17:43 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-07-01 17:43 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-07-01 17:43 <DIR> d-------- C:\Program Files\Cheat Engine
2007-06-25 22:06 <DIR> d--h----- C:\DOCUME~1\Chris\APPLIC~1\ijjigame
2007-06-25 20:14 <DIR> d--h----- C:\DOCUME~1\Jason\APPLIC~1\ijjigame
2007-06-20 11:48 <DIR> d-------- C:\AOL OCP
2007-06-12 21:50 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\gunz-mrb


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 20:09:42 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-06-23 07:34:34 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-06-16 02:24:37 -------- d-----w C:\Program Files\AIM6
2007-06-16 02:22:25 -------- d-----w C:\Program Files\Viewpoint
2007-06-06 05:12:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-31 07:51:23 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 10:23:15 -------- d-----w C:\Program Files\Ground Control II
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 15:29:40 9,042 ----a-w C:\WINDOWS\mozver.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 10:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-04-12 16:30:12 44,550 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-12 16:21:52 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-12 16:21:52 139,264 ----a-w C:\WINDOWS\War3Unin.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
2007-07-11 13:12 66624 --a------ C:\WINDOWS\system32\fhoeejcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:39]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 09:53 C:\WINDOWS\SOUNDMAN.EXE]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 00:57]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 10:33]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2006-10-05 17:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-09-19 00:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 20:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
"C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"AIM"=C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WINDVDPatch"=CTHELPER.EXE
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\setup\rsrc\Autorun.exe
dinstall\command- J:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be1e308-e500-11d9-8f32-0050bacc79d2}]
AutoRun\command- G:\SETUP.EXE
checker\command- G:\TEST\CHECKER.exe
dstest\command- G:\TEST\DSTEST.exe
dxsetup\command- G:\DIRECTX\DXSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdc3c06-ef3d-11d9-b186-806d6172696f}]
AutoRun\command- G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f908ce-5059-11d9-8d94-0050bacc79d2}]
AutoRun\command- I:\setup\rsrc\Autorun.exe
dinstall\command- I:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39fe3fc-2962-11db-8281-0015f23330ed}]
AutoRun\command- L:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-07-07 00:17:59 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-07 00:38:30 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-07-11 20:23:40 C:\WINDOWS\tasks\RegCure Program Check.job
2007-07-10 19:55:06 C:\WINDOWS\tasks\RegCure.job
2007-08-24 10:12:11 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 13:23:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-11 13:25:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 13:25

--- E O F ---

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 11 July 2007 - 03:50 PM

Do you recognize these files?


J:\setup\rsrc\Autorun.exe
J:\Directx\dxsetup.exe
H:\autoplay.exe
G:\SETUP.EXE
G:\TEST\CHECKER.exe
G:\TEST\DSTEST.exe
G:\DIRECTX\DXSETUP.exe
G:\Autorun.exe
I:\setup\rsrc\Autorun.exe
I:\Directx\dxsetup.exe

#5 Nosaji

Nosaji
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:07 PM

Posted 11 July 2007 - 04:35 PM

Those are from my Daemon virtual drives H-J they all have an .iso in them so I think they're okay... however G: is my physical DVD-RW and there was nothing inside it at the time of the scan

Edited by Nosaji, 11 July 2007 - 07:16 PM.


#6 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 12 July 2007 - 11:53 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 .
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)


Then close all windows except HijackThis and click Fix Checked
  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    File::
    C:\WINDOWS\system32\fhoeejcc.dll
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be1e308-e500-11d9-8f32-0050bacc79d2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdc3c06-ef3d-11d9-b186-806d6172696f}]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as ComboFix-Do.txt
  • Now drag and drop ComboFix-Do.txt onto combofix.exe as in the picture below and follow the prompts:
    Posted Image
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall


#7 Nosaji

Nosaji
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:07 PM

Posted 12 July 2007 - 01:05 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:56 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: FlashGetでダウンロード - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: FlashGetで全てダウンロード - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001021-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter21 Class) - http://download.netmarble.com/web/nmstarter/NMStarter21.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bw+0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 22488 bytes


"Jason" - 2007-07-12 10:46:19 - ComboFix 07-07-10.1 - Service Pack 2
Command switches used :: C:\Documents and Settings\Jason\My Documents\My Downloads\Mal-Busters\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\fhoeejcc.dll


((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


2007-07-11 13:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 15:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-10 13:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-07-10 13:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-10 13:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-10 13:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-10 12:54 <DIR> d-------- C:\Program Files\RegCure
2007-07-10 00:36 2,600 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-01 18:11 <DIR> d-------- C:\Program Files\ARM Software
2007-07-01 17:43 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-07-01 17:43 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-07-01 17:43 <DIR> d-------- C:\Program Files\Cheat Engine
2007-06-25 22:06 <DIR> d--h----- C:\DOCUME~1\Chris\APPLIC~1\ijjigame
2007-06-25 20:14 <DIR> d--h----- C:\DOCUME~1\Jason\APPLIC~1\ijjigame
2007-06-20 11:48 <DIR> d-------- C:\AOL OCP
2007-06-12 21:50 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\gunz-mrb


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 20:09:42 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-06-23 07:34:34 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-06-16 02:24:37 -------- d-----w C:\Program Files\AIM6
2007-06-16 02:22:25 -------- d-----w C:\Program Files\Viewpoint
2007-06-06 05:12:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-31 07:51:23 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 10:23:15 -------- d-----w C:\Program Files\Ground Control II
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 15:29:40 9,042 ----a-w C:\WINDOWS\mozver.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 10:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-04-12 16:30:12 44,550 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-12 16:21:52 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-12 16:21:52 139,264 ----a-w C:\WINDOWS\War3Unin.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:39]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 09:53 C:\WINDOWS\SOUNDMAN.EXE]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 00:57]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 10:33]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2006-10-05 17:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-09-19 00:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 20:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]
"C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"AIM"=C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"WINDVDPatch"=CTHELPER.EXE
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\setup\rsrc\Autorun.exe
dinstall\command- J:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f908ce-5059-11d9-8d94-0050bacc79d2}]
AutoRun\command- I:\setup\rsrc\Autorun.exe
dinstall\command- I:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39fe3fc-2962-11db-8281-0015f23330ed}]
AutoRun\command- L:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-07-07 00:17:59 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-07 00:38:30 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-07-12 17:32:10 C:\WINDOWS\tasks\RegCure Program Check.job
2007-07-10 19:55:06 C:\WINDOWS\tasks\RegCure.job
2007-08-24 10:12:11 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 10:51:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-12 10:52:49
C:\ComboFix-quarantined-files.txt ... 2007-07-12 10:52
C:\ComboFix2.txt ... 2007-07-11 13:25

--- E O F ---

#8 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 12 July 2007 - 04:21 PM

Go here to run an online scannner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept". After reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post back with the kaspersky log, a new HijackThis log, and let me know of any remaining problems

#9 Nosaji

Nosaji
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:07 PM

Posted 13 July 2007 - 12:25 PM

I think the smitfraud trojan that was behind all this misery is dead and gone and you have my thanks for that :thumbsup:
Other than the occasional virus report made by my AVG. I think everything is pretty much back to normal. Hopefully this report can help you in helping me tie up any more loose ends in my PC :flowers:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 13, 2007 10:00:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/07/2007
Kaspersky Anti-Virus database records: 361893
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 282097
Number of viruses found: 27
Number of infected objects: 102 / 0
Number of suspicious objects: 0
Duration of the scan process: 09:19:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\006a3ace26b7f200bccbe6f02e5ce57e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00d5244b7e3c445556f2fc6245fe0108_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\01ec3736f6bfd907af1b3d237832395e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\023e8ee6796df593e1bec7fd66549a44_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0269b9722403b51741d5598987a71e22_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\027249f838be9bad05e3340da69037af_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0295d21cd032a2d17e1379ec40747255_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02b4d01cfbcc0725df89c5415352a5a3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04452b980621fe56f7037ab370d80960_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\049f4d492f0dce8611fad0afc65321f1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04d01bfb7397c12b4ba1675a1f5ff055_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\050a3329e3d7e5ad149c699ba2a94540_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05e874d79a3afeb22958211306cffc3d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\06f7591e335e840c883a045a5bd57945_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0765329e5e89fede31fda0f3e061af26_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07657ea0d82f5641079a75e099de2e70_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0803054fe44811a26d0511dca906c4a9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\084f5ac2fd2c365042eb4166a9622036_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08721e989f525500001d624e1c478344_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08bfa48cfa2733b296a834d7c57df999_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08df4f296e38d58879ffd5d05a360c67_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0908aea4f6fac5a2bf10703c2ed40292_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\091685eefce203b3377c4392fc07b5f5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09b3145e7e9e0863dd4368ad4c975d42_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09ce0a2eec371c23b11a88fba425cc69_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a06fa12b65e8ebc554ac54bd16f0f9e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a11fe6c8896ffd2b41934e154e88bfd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ad2650d5990baef7ddf0d90ebabe3a2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ae54759fe1b20deeac45737c9db2139_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b13c888adf85ea6bcc092bfae4ce231_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b5213cf173e8a095ff91a35abd6dae5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c27be2efb5a0bc933b68d186f838005_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c4e979261433b06c6ea5e8754d0b9f6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c647c38f2c5c4cef94b8c76ea7cac21_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c95c8de7692301053cfdc2cacc409d0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0cc350186db28b4d45750aefc6ad6f5c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d5e4a304164bdc8235a74953d12fde3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0da476beb0970b9ef192959be9ec1ecc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0dbadccd70d22c5d09dd0357e09d3cb1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ddf15bc9f5f5ccd087fcda358214b31_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0dfa120e307e5afd80cc847d9e6c515d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e3dcdb0132af5fb620e0c9cf1cb7111_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e41e5dba11aeb64081ec3af9590bdb5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e4da4629dc065a629e3d6634460d151_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e789021b38d73fbd15b97105d62e244_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e9afc787ca29628f35a093b0f7a1555_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ee2e4b5a64ddca715424f41a1465d3e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f15bc3579d94b4a2af074321bcd9411_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f3ebdcc9e40258ba8f2c3f93f6f1da3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f4204d00dd61b42ceb658c88af7569a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f433158b9bc6f154c89e4d7f047e95a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fb2fc7cb2ec19ab3dc55a6f56036060_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\102bce08a99729385fae26f095424621_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\106b3fa2827341902358179f36396d6c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1107894cc9119a2b4355655d297a4ac4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\112a8bc4bc684a4a7ac476a1caabef35_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1155eb83486b55852fcd4fab25f54310_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11f0baabd0a2e5bcafdd920434402959_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12b00a3c3f96e373f8e78a0f5828f7b7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12c7eeab6f13c254e06c5b81c11e254c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13936d130c566388c0a984aa7324e5ff_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13ee9061739fb4928396b6fe0486805c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\144b44f5037f9d9abfe436c8b169001c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\148867053877d21124e3386b20f0ac43_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1518c81f6f0049075b3785c16f25bff4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15254be0a8a70096a78382ac2731fb28_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\155762e191191e21ffc4b228ae3c6c48_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15eeabec457810ef1d128b65994021aa_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\160efa548461c0b2d6519f7f01064b95_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16b9f84f8ea996c1a7e0cf6be0f2009c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17464f3441cc47cdb8f60f9f9422f08e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194506c473a29cdf196e96421d8b6656_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19b89a8a5cc220e7b9660d1ef21c5cdc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19c92f5533e79f9b8eeb1427439ca9ec_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a01e3a99cbba95856bfa41f50c1beda_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a411405646b80a0935ebc6e6aed6d6b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b6a790671febfadfe03699c56dad1a8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1baba1791bb8b6427aec95972bdc69a7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c4fea2b922716ff7cc765a78721a4bc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e8d9931c2e8235e7cbb58353833bcfb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e9ce2334122dbd254e29d676a8583e2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e9dd7974d179e1b14cf8fbee81f766a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1eaf94da2ab6cf8cd202be90491dae96_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ed0eb813388b8efac5f59890f123cb7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ed62708f69758084acac4683b1fb628_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f2b585779fd39caebb13df1237c44c0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1fb7d10cf9289efb539253e9090b6689_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2031a52be798c19d0e5a1b8e96ac3cae_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2040c0f95e1a826a7ca2470c6151fd09_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\212f777f409f3ee2763f9d5842e619d3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2198c3bd276140f1ba8472f5dae2649b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21c0479dfc74a5984a38d3c7a4a1607d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21ccc2e22d6053753d82b5f7448e1c71_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21ee984039000e46ffaa51677bb86ac9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\220a36abedec0e18e043c763ccf81829_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\225ac92421f6d038fba2b60130596941_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\228a63b1b2a8bf6cd31b1b730a80808b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22cafede072a51d9d18635a494c68e14_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23d4585d127c4dc5aa892d1c38d23816_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24a61db5fa703721b3041ba40efc4bad_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24c9336b7a55b2760005ea448c946225_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24fd150fc9ce8108ee1f8e228cbbe028_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24fd59b85ed1c00f7c27e46ab2c4af76_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2541f83cdefb32f382253c9ce9aba7d2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\257cafc6fb21204c6818ad64832376a6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2584ddb724c2979147072a77071193b2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2634f341a5e4f17e18063d13d326c536_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26bb392202f88d38f8cbcba99a9f6f94_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\270c17ceca364fefa24143d49533c108_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\271fcd99656923fbdc31002f9db10c09_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27a8a3dd71e70c2b542119ab40c66af3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27c33774954c038ff0bd4aba4e026136_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27d90d5ef67743d9d4c74532ec3d8d75_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\280c559256c92ffefaa9adf48a4ce905_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28f1c3869a8a91b7a15790819dd85e08_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28fba54818b4802b45a1281255aff9bc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29be8361fce7ebadba0023e46848c83a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29f12ca1381f8cb2a2b3e2d0e0497cdd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29f75192c91f165e8a36c306bcfc1356_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a162de69e12f3a0c0f0932cc64b676a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2adefddd2a60c1f5d1a9d6c823a82eac_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c6bfdcabc5eae1b642cc3145e927563_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d1d85e067ac274b719e7c631142886e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2dcf6e8a7c49035298a320f98d896775_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e613245ceb4a0d04e67ab3c91deb143_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ec4f6e8567b6203fd8c587411cea805_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fe73676780b7a76e9c25e59b4a923ad_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ff80748269df39308256da52d7a2e70_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fff47d01fc927132bc460a948cdbc82_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\304127beced05a12ffae01e5ee468d3e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30a65c0c0f8d0fc4a5d47d0e47848c9e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30b76faa72d39f76f5ef3f048f19b2c3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3199e2b04fdb384f3658b7b4a865dc53_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31c4c6419d65b8ce61163a63d4c78995_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31ef5279cef436c3e96c25ae270a1e62_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3237cedc6965357fdc3edb99828fe8c6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3314d011b64c2caf89a08c30598786cd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33407e72f8c53597d146a4fd6d8bbe73_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3384958475f88ea869e4afbbe8b55783_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\340c17eac6c6939b662f834f8b5bdc2f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\341d6a07ff0e7751bd396eb1395a4458_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\345328fb9220340d166aa43addd608e1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3455447a0bdcca87dc8f5423ae36f5f3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\346bc2fca8f075da8edb43215a1c93f0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\349c2780dbea67d241d9763b77966f5e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\352a2f9529e8676daa6b8d051608bcce_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3598a7f27273d783336cf8fff4ea4441_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35bb7b8adcba8dfd860491a4b601d3b1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35c9452280cc96995b4d4e1c7c1f335c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35edb9be03a315d734fa16b08479831a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\365ceed293a5a6587791d098092b3f3a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\375d9288971880450055f8519e8e20c8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3767c2916805f7a21e3e2f61bba21455_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\377c273e98a4e6f25d8d64d65638081b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\38728125e0930689c193d2436987c7a2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\389b4ccba712895eb378d8aa98c72e2f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\391a7b4d1a1bae2efa10fa59f5a329d8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\393ec17c375c8151bfda6f0174e13f11_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\397be89fb149d537e62e0fb7e8e8b50b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39e5cf1583bbbef95d22e3c5cd762e3c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39fe518e73c05147c66f69b264161d5b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a53ba8f59c8d634609646f46c77e4a4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3aa99800372968b9d1abe3fd560ebe9b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3adb0bf14aba2fa2fbaae7f30a65afaf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b57e4b4ede951bcaf2e2bc8b1aecc96_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3beb6b8e59cc4db15d8fd2527802b3a9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c10ba7e858c50361fe8315fa4af1797_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c28e0395015584e204223fe191dd776_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c36636f070dce4fa3defeed5bf71857_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c3f9ee3dbdf6237572c8c3096d21acf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c4e66a76dd3c450582dd93ff67f5179_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cfe5d3f4d5212fedc631a76e4f02aa1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e8f4ab2ec67f2854f0c199bb3bec4f8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ef3fab0e71caefafa346026ccd1de76_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f1c35d1cc8bf69485f4ea45e32dc4ef_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4011ab25b042d53e92894dc1cf55ace4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40252a30e411d925ae10e436b679be40_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40dad616c7d973114900d6f799c3ac2f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41927d3d002b942667dee114a4e05e6b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\423608abc0b436ad6cbf61bd2e694c02_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4237b24702a0a6163c288f8c4c4e0c54_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\424e2eab34bf55b0dbba6b0c8361ff6b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42d0e6871ddda281efa0c4353c048a12_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42f45c955260bf19d2a10a5ab5abb122_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\430d4ee70c4975ae1b0b3b41fc06cca6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4335c081d05b2be07d740eed2c9af7f7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4358d218ed33b395fb5aea03e9ba4eed_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43f6ad56f7e8032abf972572f0bc8ab7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44735ef67eeeac73a10e0a2dbf53ac81_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44ff2ba180709fec22799114a0fbf7d3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\451d8878660ca15425a24217031a0c51_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\456e128ad74efbc5336298f8ff7e16f0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\457c49f678e9e6935b7a269eff4bf876_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45ae9233500699fa5a0e1c9d2bad4fdf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45afc0db788363971e25a7df77f3b9bd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4604a859de3ebd9a4f0bd6ddcaf20f66_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\460a57013a93e5476835627f729a3e8a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\462cf8e69f04895d51cb2be41e36a668_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46765b7a2d80f04e92629a1d751e6313_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46871ffac7fcd395a3677d80e0a91685_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46a82ac6ad65c026cc76a10e44bc93bb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46dda9e6cd4bb547e855cfd5aef02134_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4763c7ef786a8a5a9091d8a74665f3a0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\477b0812d808e61d3eecbfeffe804983_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47cb27be222ff794211f32e8a2465f9a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\495adffe7171f3a46fc50c1577cb6fdf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a0742669d6205d55582a88823dd6366_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a4f6680e432508da0e4b0d92b19ec4d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b3221c9d3c05eef4ca009790b594746_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b4b23d1ca2c89c1e7d172523489a469_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c1151a36e85d9fe738bd4c3ec48238f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c249f4ed3e965f78de1238d93a4dba4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c5467c89245d32422c1dc67a5616bc5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c55e1cadb398471b49288df93b5733a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c99c2a309d99fd5bbaac4c4c19bedea_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4cdf4e7275638a5bbf1198e0d03522f7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d854e5da39d65a4d5ea3d242060257c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db7f612ac922949095b8f3372b5f509_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4dcd984c0baf666107312c061f0b6404_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f20b822f108393c4c3c5658ea28919b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f23ab952f0a1053502c770d8c3b47fd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f292d2e5331fcab31fe75d170a25fe9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f2947cc3ad616d18731c94870e0be8d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\509174bd7b4173a2ccf8a8892c89db21_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\513be5b0e6248c38c9b883b1024071fc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\514a09a8c9a5b891791e5117f16d5592_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\514c0a11f5574970e5ba659390ad760c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51704eee90d29ba89f207406628c84a5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51a9ccc76c9faa61bb15cc33c8d240bb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5236a5bc23551431717a7d9bd9473484_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52567f1a1616890e19b7ad9bd1112291_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\532d1503b0186915e5b6bcf11d52c1e5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\538c3d31ae23e9d03b2447f82027c583_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\541ee219aba40a6893fa5abe9d355868_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54a7a050ffb9fffe33343052f48fd75c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54b5bb44109bb737c379b6b9d69a16c5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5563b6cae80c58d62190b23a1fba97e1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\558e4638dbf9f91f02b5b4e9210da8d5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5593f717e5fe046c23ff60360114d2c2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55d2683c3bc026533f7d656b562d3088_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55ecc07da3cb6d2e064c9f6d58b6ad42_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5660d210070ebe36945318c8796ecd39_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56dbe6d2a76bb24df93762d58e8372a6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5708bbcce36625fa289217c0ebb52977_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57a22aa4d32fb10308002cb8dd80434d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57bdffa0c89a127a081a06d6d0fdadd1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\582a6cc04a595c878887b815541cec51_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58429277156f01888b26ba6f618e6568_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5865f42975a88723a136cba94960c6df_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\588e9da08b2fc98826316b17e25cf692_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58f05b054b3fc4c010dfde1d1b8bea8a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5908624feedeb4a87a6e69ef84295632_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\597f942c3f247f10f8108de719068034_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a0f06a362f18f1fa684853ebde30610_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a18da36ac9843a880e8228432752748_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5acf8b679a44b82bccf0cd3ad77a3292_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ae17ce0e28d9b6aa00dde99a5132d1b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5af061a82a1a4d6eab590e8ccf128c6f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c02732590ea953944bd842f25cf1e54_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c4530c80b382ca3831bef79e5149248_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d3f1739e7e40fb4a916aec1b8514bc2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d7a7e57b80e4ece9429b0de6dc054ff_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e26c351f12f2215843e950935e0d086_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e8905defc313fb29ecdcdaddf170b7a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e906bd5bad4b0058cad8aa77f9a09e0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ed4982b7e1e7fc2266a78a7e9807fcf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f3d3fb1de939d3eaed6b90a69ea75ec_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f8f8264942376cfaa8256092c8e963b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60b950c8dfb1284ea876b587e481f538_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\613e311eb1ca4a245c34bca6b29a563a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6272e61aec7909db196eceaa06934b65_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62ab8c41f89a61128959b113abe1a198_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62b203ac2f8974b9cef344f9eb559e21_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62e6dfc2a3280ec4ffadfa01fa18de17_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\640e90de3e642a9264ba8112620248d1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6454f17dfc3a9e6a3faa17fc840feda3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\649173d17836f3fc3d6bc19ba58e6f1b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66d60ae0dc09e64ebd7a6beb3e8494ae_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66eede3cf16b4ffee3de4f509c6d6196_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\670b759a0224887335563c495613e475_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6750fec2b3c2bea19769cbe0cb78c031_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67dbe3f9cca6074fef7b7d1869d4fe5f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\680fdd5c8e227291be01ba35f5edeab5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68eab625fdf830b740831cfb8e96c3bd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\690ff63ef6a441fec18207797fbc9b0d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6986c2e225801d8229a150ee637e2bdc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a37db111c12bf7591abc8eb3d61e664_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a7653a330887159c15d0060ba1fed80_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6aabbc13942d4f91404cd38cfd7c4e26_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ae803b417c8d0ebc193480bb981aa06_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b43cacce75b09630f53d73801d0f132_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b79bf0a694f1345574f7aee236803a3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b9cae910ee9a341232b8ae4ec44f1b4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c0aef8661649ef5ad3aea33aac73b9f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c1190b3d735052e7c677e06c77acc49_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c1861638ac88e3153449e57263e6ca4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d0a50a9b1602f2f661139c6a2397a9b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d40ddcb09f1e536f8184f788aa23275_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6dd4d08e129d235071ce05242ec13390_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e2ce583ac5da4d0c9ca52116ddc9d1d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e49eaf9130ae44fe76766eb3dbc3918_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e5a6c6835edeb131593ed072c10c5ab_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e74841172583f6131a3c4934e2d7e29_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ea8f772a9ab7a5b278f897f239ccca8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f16f6a56f6e4624303368f305114821_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f4867caa40c60b011a160423721184c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6fbaec1e58208e7cb0b1fe9b4013b40c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6fc34ad788225a2374ed8c7b0511a95a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70164a2eb2d170f2670d3b82bfc1768f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\703a0c581114472bf639e5dd86133639_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7112a71a6f2a0a35e4484c52b1bab716_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\713d38c1211a6f2a91175ad9359e10c8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\725590a03ca1b58bc7749cbe4e7306ff_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7256cebca00bb3a58d0250f7250d7e52_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72867831431a86fdd7b471332722d627_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72ae1467c3eff83f5e98ea6d60b0da47_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72d7c7be4ab65495b8266024135f963f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72dfae7bc7e047a382a8e03573c8c215_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72e6eac00643ef9e710d41d7fab3db0c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73518f253d97b543a4f4278e0fa9d3eb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73733adef30b3356a8153c595871754c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73998c48385db544e801f67bfe2065f9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\739f704db94fc7edf57336ef7f7ae52c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74110c2c6d4a43c974bfc7c5d6554dbe_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\741571589f07c012e7427f619af65e3b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74aa760139d8bd899379976a68f11fe8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74cc4ffa8cd99ebd696b2fb0ca4698b5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7531c8b7405fad8cfa7ba4e7b3069aac_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\769012700f0df8721940d8b88156768b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76e9dc611df2c77cca6ca5c0f7877223_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77390910b2123e6a917db73e2be20ec9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77b23c8901375e2566b5d4a00768fa17_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\785d69dbaee6ffeaf651be508b2a1053_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79254bc29475c6e1624f104832da376c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a1d781784f9a19330c64195dc574359_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a6ca769def8d056656ad4ba059d9f5e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a9b5f967347a5698a7aaf8aadaa0be3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c1accb8641947893a66a0b70136eca3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c3239bf23cb2ab5d7008d63a8461823_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c4f22d8a34a45f7c32f98fa9c403dc2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ce542251d3de046101eded1fb4ff6f4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cef34683f2261a797f6fdb866056046_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d1f1a7a7297956a937053db35b2d896_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d738aeddb94c85125c243773196ae10_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d8a2228232500f33d224bd1a552d153_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d96452dbbd4858c2d657bc25d5d002c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d9b734be5a12902cf2a34a85d2b5518_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7dac76f82f950707e5e55646a366029c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e5a71237e92d3926668bef1b73dfced_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ed78587df432800f3c527d580fbc4a8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f352f05ebb90739b95d0f10bd704d18_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f59deba27f3153bcfab87d6bd05a7d7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fb34df1f1a23bc782f6a837cde159ca_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fb795224fdcdfd823ff7eddf85b40a1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fe09ed2af9c7f620557eff8b3724085_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\803dff41c9366a5d5eac22d9c05ccd67_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81af395796dfb79c0f7f26edebbfc663_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\825187de286aecfdca78a5bc9552b542_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\827ed415d037ec1ec6692a0949b274cf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82ed85963a3e6f213a765ab9af382577_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8329862ace7196649b1cdc3cfaa72ba0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8390e1490cac15c23dab1d86ddac8f97_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\83dc50ee0fed5fcb04e8ab96e9b57204_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8421513a839e4c202ab591432f41f6ed_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8467f7faa32d4eb468a29ef28eb6f65e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85456665c246f58fd639b4ffcf92dff3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\857443035450f2477ce18168d1aff04a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8667178de9af4d109aa17ae93b3b760f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86b9b6dee8f85e0642e97dedab1c505e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86eb01c9687033740588f8bdf35d8baf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8703d78cc212dc42eb50676f6485359b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87311510e81a0c435397feaabf5e1714_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8736f193cf2a1ce2ec30c42dada90600_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87936c0d47ede5bef9771ea7a1c6e2a5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87fa268e09d805561391fb18f1f93bb6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\880fcc9a29f63f2664e3c3ba25ccbb40_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\893b4711a4deb3f70a1d758d7c750cf3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a79dc1ffa6500f947cab39ca05ae8ca_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ab4da3705c7d6a69ec83db1f3b8cca4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ba85fe7b0043132687ed5036f8a89ac_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bd29052fe30463125c5f19317c26f85_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bf736da5b5e9d46edc73113ee4e6f60_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c165ef31fe4d0f19817b65494eca92e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c4488d119871d0daa5d1962b34b8e81_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c9132af23a184d5159919a42cbc5684_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cc3d64d59b3975aff85c7622f03dacf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d89403c8c8ea5bbe88cdb045dd2b3ea_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8dadc6c370f02eebfa7e2def6bbe4562_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e2f563338ca68162ede0d9da876d16a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8fc0214e2cddae56dd209aab38de09d8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8fc825f11d838940458eedec305e4b2a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90cfacbbc7f4c276e5c0a511e2919de2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90e1495199960bc315d2380488f13827_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90f348ef3c9b1e7234e81511ed473d6c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\910c709cd8c7cb064f0f10a5687a7b9c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\915ce732bef78177e007393db838668d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91a2960906ab0db5a33b15aa55dec97f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\922e9e44d829e723eb15f0a06d988b22_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9290fe94f077fb2251130baa156dc628_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92ae8e8bc690bbb3157ae89cff03e732_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92e8a392d94615dd11aff70e34b2430b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92ff36671303a420ccfee4b4a5df9d0a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\934a98cc067ead5ee9adab8e5772bc0a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\937a5f6e091dce352c40df547a62317a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9398a41c3ccd73431b92e38a07c7bb39_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\942b3edacbd966ebbcbc4e4e8ff3b9d9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94c2354d723fa2aed00c80db661f7d6a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94e683d1669463d8a838b79338d15ab4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94fc6e2d9e42d3b926929991ed963844_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\953b10a41eb128577ee186a706fb828c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\95ac0990e94a9296e91649e0341a47bc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\95e16afef81dc6abdb0e300f924fe23e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9624ebbcfe58c9b17f9aa47e7e37cd57_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\964ba6bfe95171e4d7627917e7a889d5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96daa5c9a16f545e6f594ae005f22412_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97312def4d4d13fc2b9cd4558b69374e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9785f68eda37e6cc3df9f9d474f82686_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\978cb882c55c49fb16cf032581b3435d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97ac30be9ce1908e7a498fbd1f385e9e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98d8c5c7ce5c85b74e4a024f824cc5f7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\99075752822ff009ee58df0db323ebd8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9909a3d94e1ee1d182f5621e03bb1eab_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9927582348c2f079d67cd1ff66ea90a1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\995ab815dd1ce52b4bb2ce96da381070_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\99d826327e5b64b0401542a82e89d386_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a75a6dacf2e76e2b69843ed396a7c45_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a9824685084c11a15199dc11f18bb02_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9aa8357085202a720e4fc56fae4c9593_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b4b64fcf4506c4eafba929193032d95_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c2c16b9644420a1bf13d0645227b7c6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c5054abbb543865c5f072b2b1f10602_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c9c11d952ac1daf44b2fc8453c6430a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9cbf73b646567b0e3164e5b0872f4880_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d27e86dcefe9629ab99c0ee8bc1c5e8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d618c467ec00ef21c5261f32034c8a5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e581b026524d9d6084e2358cb6bd055_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ebb184dff0d08766c04da14cebe0b27_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ffbe06e9feb5269ab65e367cca0676d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a08e73ef998b0c26cc68ceae55a671cd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a098c192fdc41ba0576950f6ed817287_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10417c7b4e69b6d39410a387783aea0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a12259f12cd21cd14f9f32c26d457fa9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1f7527cbdcbd30824c83ebac00b2e6a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a23d11e016e987748f7926f3ba56c522_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a25a9dec39a7c3ef3a9d7abbecd04705_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a25d7ef8a4125f5fc00133768e57eb06_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2766f49bcb436007ce92ce9dafb2a72_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a29f728c7ebcaca96adc40cea5ac608a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a30a45b982f87f8868e137ad6a4a91e9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a398fef0872abbf586fbd372595bf4cb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3992f8b016d007c9bac40199e13d74f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3f4612cdf7e170829cf11d690493d3b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a470fc3e3048b94d4fe5462574824691_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4e382675716495de123de5d628ae809_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a52fcf47007e7eecc757e88e38b62fcb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5b664a9d295e62f8e7e1d20f9da48d2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5f3d4a73a018ba1448e8b974ae81ea3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a60dd469df7c3300ba86acf06f19b3e3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a63caf7802e8caba8cd54e554a2ecdfa_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a66ec6e95418fe5c885fb77bcf4f5870_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6b91a64d3560f0d1cef7d3f6b5dad14_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6fc5af2f955929217409c9b9cda303f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7023298f6850376c38dbe0763ac8ede_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a717f44f087529ee4bab61a181df29a1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8398c17226247f6773fc2571bfa7278_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8a6d16a496ff52d957f84c5e79efefc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8f9e511d47e77bf05cf076212f2ff8e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a923159a0d522151cc97c819dc000666_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9c1b1b3d6da30cb1e02bb4873c52bdd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa77f0f2ced85c83be39753006b6a127_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aafd8d2a01f73b7779a8af1881a3892e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab153884b8640bf4b860fab8b7232c6a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab5e0cd6b2ba56764dd44ee22985bc90_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab6486e10ca4a697b32a6b6d08bf7bcf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aba48fc63bfba495343604b689da02d5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad0b48068bcf067a685d999c8cfcf057_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad215f19b277889e896aba8cbfc24add_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad47a2d33dbbef962b0a9ce813f469b6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\adf8d4bcd97d8c09f434b574f306553d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae8610416d5f78ae7fec083ed12e41ae_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aefca30408a53521e4c8fe499c0f3d71_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af9819022990f5dcb19f0f988e6d6080_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aff531c86b2644c96df2a75e82a209c0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b11d539438f023fb5f6675a1485dfdf6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1574c14f6d877f548d9969f2a2c6e93_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b15996fc4568d22e06572114d640655b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1d1d14185a08d8cd22ffd1a01829b4c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b267d0705b6dc07090e88eaa4960a135_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2a0a4bdc09b9892c91280c3b12227b5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b33a12076a7f262653c8dd73ad9e84a5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3ddd1548368c43a89bf64fa7cefa27b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4716551d5208e70e282ad945d875d6b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4bf8c431365f02d1e1e39a53da74d56_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b557ee2b3b433207789eec2f3b38f7c8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b56d3e5923ddb25b2a6ef5789df091f5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b580c76f7693efc0b4c28711599f5e6d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b58f82e8a68f1b20de7f9bbdbff69d6c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5d97c80777cdb6024a47d8b1d431691_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5fcf7a9951df5c38b4323232237c596_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b600da8b07111f193f6f53b1a874a466_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b66ac5646112daadade81be94a956285_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b82471dc254c6910ae7cb1595ed4c285_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8dca757a29bc751f2025e7ec0abbf6b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9784cf7c8f75b5e314f40fe1ef05036_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9de21872519f0e243aaadb9ff63508a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba1e579979aa94417b9d50271cfc6687_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb086492a106c2f404249d37060faeab_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb1dd905012e13394bed634843f95dd0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb1e263e9b0aed14c2c2d726f4fdef16_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb3a484b29b1e63e07cf297241de8b11_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbe850883c1cec895380fdf1f4015a50_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbf478850aa61a928d62b54391659874_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbfc0220805c09a8f2f2aed6cb5c5b15_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc22133bad3d1f958b68cac45cabe62f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcd0a8c8ef82296639cd2ef692d8bcb5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcf1db7d84e2f2e4a08612c06657e307_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd525def5ee37365f12811f867a685c0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bdb86853a7d664fe43e799934ea80cf0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bdc2c68b3d8e43c299f671e89c218667_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bde2b0d3032101dd8f80a32d015fe388_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be5030210f0c8f5e42c20c22d4eda403_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bea2d02ce14dda70e08d8ea764896bd4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\beac2655493dbaad8286bfef220384d6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\beb5b21f9f212c6c73fdfed56c9adfe9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf650a53c89fd5ba0da4064e7057aa3b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c06d209b0aeabacb981548cd55ac919c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1c4929f483dc8d08a9efa84cce01247_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c218f001cfabcf2d9b4e28ac84495cfc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c362017725ad567c417a8502e13b1fb0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3becf46d57899f5f1db640cec2dd32c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c41f15485859f147fca572811cbfabe8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4612a7b17cfeef4c0f71cd5c934014c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4ff9bcbbebf5f970b9dd08e49e620cb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c504a33289acda370bf6ac8132f493dd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c53bf91acc621dbb57b6b9678223c12e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c61e1eb4667fc4eea974c552cc4c894b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c693e63030f806aa6a9891cc40e20178_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6955b5a499234c2077427e1f4058f1b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c69aedb19eaf6fcbbc49e2132e8729c1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7700eabb44c2d06874aa81831e716ac_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7799ed3f526a0abb0f881bdd23b26e4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7a24677fe17ae3d042d832e796b6df3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7fd1fe3397ba2a0fd180ebcd1a9e67f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c83ac850a822f1086b3ea7580ee7e371_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9689b0af43334baef540e16e1f8687b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca7fd39d24fecd04f098b0148cecd9a1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cab2a66de87fc6716f2d0fae48537888_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb08f12a1e30dc26b9c60bba9d2c9cfc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb6b49ceeb71927e3cb3eda58410fafe_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb8d3792872cd6811f5e386d61f18806_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbaf0d67c5d31dbc9f56ceff2b312a4f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbd7af2dcb10d87de0e18ac1be0f658e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc5748b169720c42e9982b9326f8b284_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc63d95a9207c32d595b1139470c3e24_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ccfcbc26d167983c59f61f9a95e5fda9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd3baa162432496284c7b9ceb0e5b3cd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cdb9b1624d6922213585e57486963d7d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce145208a751e4286ed0ef14089f2174_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce332f0938bce80972a6d17d4ddfbab9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf20f1e3589b6ad7ca3f0c81d005d7f7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf314ce649adff933668418ea2538e29_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf3c58dbb9986bc2483f7af297281d2f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cfdbc5249c511dc70b7e8c50cba7e234_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d04ac7f4b744475de39b4eec8d72acb9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d05e95e5d8c504022e260f24df494f31_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0a853e6685c0bfc6a74e467834b451d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1193d895f37a34ca1792f7a4f12a6c7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1983e14abe0136e64cf384a70f2bcbc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d214e7617a5c24ca845973877828fa8e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d21ea121c6ecdb8b2e1c8922c1212a07_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d25d08ca25fef49538bc481955f2c6b0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2bbd8b83623d652f0c29664b08bd0f4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2bf88291bdcd54c005832a8db7976a5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d304a00c2bf123cfd77ae85734dd8f52_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d31e3cfce1df0d72ef619f2e8f3c77ba_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d337716928e805cdbe8d2b292482dfe2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d33bbd45f990683127922d0e0a8cbd7d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d39c171a5c3fd59fee928770a7814dab_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d39c5395af10b60e4e1f46ea59b462ad_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3c15e837b559c6a4e814d1e133312b1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3ca83d098517932571f88c5ab087bc8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4404d56f080d9d1ebd64878ce4295f2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d490c1c42e73eea6d46fa9e6b993824d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4b982045f22524d053f1af0023441f9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4e56ce9ac4e339dae2ae363c792c5b4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4f826f33cd759d01f88646903567e04_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d60d55e8e9283dc134c6d5dec217048e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6163a537a93a4cc4e0875a7eaa477db_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d63fd3d9a73262c09d7e201b480c4b56_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d68afc9aa1d593c1fe868a1c18c3e18f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6b287bbecf605718d8d5d3f7d348ca8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6c60a4909c3dda03b14a309cb84d246_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d71f8223502adcb3fddf2e56a420a88a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7453cbdea4ee64c99c15e39110e36d0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d75c2b52f0dc1e460ef1f32ac0a3a3d8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d75c40d77a409470bcd40f1abd944fdb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7854a1df5c728b9fcd2462cc1673b83_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d80da81e0b00f2bb069ce7abd1d84e1e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8458aeb6ffe3bcdd64bf55151ea43cb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d87f7025c5f959f68738ce79cd4dc2e3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8dd8ebf6d615619bbf973d189d433f7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9b5194f53b298e6ea75cae7cb353565_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da867133167db0ab7e7999915a051634_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da9ba38494701ef0fef42c570f27897c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db1d2e86a94943c2feff3a54c7ae9120_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db6221625b32c8501b3e87c371185ff8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbd1b25eacdb10ac240c595cb0ff0c7f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbfea53323248b8f39801cfe4c0eb37a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc0ccb0dbb1ea2a0f5188fc40ccb846d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc238e02f70513094549de8cc3ff04ed_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc2f129b0928fa451c9b9c04d31feb84_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dce2c884074f3d7665826362a2be5b26_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd14977c5c32585d14e05ec9bc42c552_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\de491c5a4e7aa1d797de9cde8844d00f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\de52dd253adaff1ea1fb10e16127375a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\deecd77d5bf4e1c82f45265cc103531f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df06d411c3fa2c47a4872b355c0a7097_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df1cdd91583dab9344f7f6aaf87e177a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df4c604af65c0bc2a9284baea4156da3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfc315db0a55eec5536c40a84df62a86_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e025691b9659eb165c86576f201be7fd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e064229868d76ca76475cb04c78aa702_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0a0e919e2ddbf6b79a8523a7cd4e0ae_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0fc6b0be422d6656475d69f854ab082_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e11d2f701e34a503ab249e3cd36b7145_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1a1e6b97713d661780ea2c8ddaa7dde_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1ce4575d2d739565cc5dc3bb466449a_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e20efb1d4c25178a0cffe41f6dd6e1bf_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e255fec495cdf358c45d13d92829f45f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e262ac46e881852001bb2ab1c6facb3d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e277930e8aca38167e703f50a4c9c898_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3c697b8418e5134026535f45b8837fb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4b4c6a52e3cdefcc59ebae7cf94cc30_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4ee8b4ec476af76c1dda009caf1fd44_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e550531942cc4ae00692708e2fc41697_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5a7b710d058dd701003399fcb1d3f05_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5b0228e99621e9ea5cc23cf41db9e93_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5f976ae24effb52dda90ee219c66753_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e62a483d01139b0d6dbf7194f48ab0db_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e685527076de64f493e4fc488b0fa9eb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6e496bee49e272322d242458ca8e406_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7594e7425b86c32e602116b6dffbe8b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7f081ede98426da3d477c6383f41301_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e81c218884220f183c3c3f0fd935c8f4_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e909e5981a9927678591d089b7806443_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9594c5f2bb8d89f70e63f8eec76c8ee_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9a2ef6f91e2329749729550f9a7f974_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb5189586b75dc980e71684c532bc835_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ebc6336e0c65355045635d915f6e7165_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ebc70bd557d728b49b1455996b5fb8a7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ebefadfe4decbdc4d3269426e61d4f56_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec2337e57180661be94822bac14a2b94_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec64ee4297b3e3bed586caa84df47a13_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eca8f4e38df9d9ec595aa591bfa576ad_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ecd794b11ae1c8ac68dac5f1149565a5_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ecda05367208b26ff4c35d5615603eca_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed09fb1feda0d3048c258aea7fbdbe27_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed8cfd10fda66c6fcda25434e7f44fcd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed9471e70e50639c88631cd59f431103_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee9a73fdb8ec89e7b763b292badcbc49_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eecd0bd483caf6a16c8682b717a84646_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef983da1e5e649d392f08c4de1bf6f9e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f02cffef57742e2ca1287b1e00baf237_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0581f092b6f69179752c6eb55a70129_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f087d980ae673f65af71f9942204778e_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0ad90ba73e07dacc55c32e04b642855_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0edafaeee3bccf0335704ed3b9960b8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1e6b5bc3fa178f7271711326073acad_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1ecff67f297afa93277ff031d20c567_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f26a756adc5c0179b6e1f82c6b7f22e2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2ae6421d4a135b91209e5e374037cbd_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3994c3709b96735d4236f416997d5b9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3b6a66e91b731c4a8dceb376e176de7_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3f1d16f9a09eeb59cb993fcab40075f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f406352164b92b3ce2da738d3e5dca3f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f416a570514ad928f773d6816af23d42_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f499221a1468768a0bc721d383b207ef_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5bde18032b220a0b2e7c8b57d13d7ce_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5d3a4d8e6e79f4f4ddcc34e09414da2_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f652800a295f19149cf7e833d711a417_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f77b359b69303794cb212deef15c9b31_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7d25186b73216eee5ed21081df2a46c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f80750cce0aed80161a36e232dd75db0_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f94c23728a0b11b9f47c56a976a44384_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f97524218d58e7fb8463be7210b43532_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9a8a47427888a7aa01c4b0905d95f3f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9d5e105108c37057f6a09e458f5b850_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa10eceac96e8f8f3c32850e20f154fc_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa262dac99aeac1e0358e0f50074edf9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa4a6b1afeeec32e78d30fb43a3c50c9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa4a93ef3909ee1fd0b455d3f7de74e6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa512a4a40f3cbe5f1c808fe6f48e737_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa569998b46dffcbc572cfcc5adf5196_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\faad96fe14301102ea7405a4da245dfb_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\faf2126f5372407217246a1314edd33c_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb265c83d388c02c59e4292d082ceeb1_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fbc4fd720b0b8760f25b2d21b0740fd9_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fbdedf093aca38bf634d5a8cbb4ad565_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc322fe5bc004d80ffd1acfdb80f34ff_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc76340d4d69703443d0e0c3733a210d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fdebbf5cca660d623bcd5dbd1d8e787d_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe76ee4cdbe08fa8003068c921ff87ab_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff2bb245040775ce0c77ee25e3af5dc8_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff4598a587f4ea796505a85b7d75937b_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff5ba862c841b3d9a8a2ecc2943e0ee3_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff5ee7cdbac7407b4e2f2e898fddd0ab_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff69725e4faccfa9aebef8e6881801d6_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffb8394e82071282443a10c49554bc56_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffd7d5ab519200e620f6d1731f7ddd5f_24b7fe44-947f-4667-8f7c-a1800b56ff1b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QuickTime\Installer.log Object is locked skipped
C:\Documents and Settings\Chris\Desktop\IGunZ-42.01-setup.exe/file11 Infected: Email-Worm.Win32.Luder.e skipped
C:\Documents and Settings\Chris\Desktop\IGunZ-42.01-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Chris\Local Settings\Temp\gunz0927f.zip/gunz0927f/gunzinternational_20060927f.exe/data0048 Infected: Email-Worm.Win32.Luder.e skipped
C:\Documents and Settings\Chris\Local Settings\Temp\gunz0927f.zip/gunz0927f/gunzinternational_20060927f.exe Infected: Email-Worm.Win32.Luder.e skipped
C:\Documents and Settings\Chris\Local Settings\Temp\gunz0927f.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Chris\Local Settings\Temp\gunzinternational_20060927f.exe/data0048 Infected: Email-Worm.Win32.Luder.e skipped
C:\Documents and Settings\Chris\Local Settings\Temp\gunzinternational_20060927f.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Chris\Local Settings\Temp\win10.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Chris\Local Settings\Temp\win14.tmp.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and Settings\Chris\Local Settings\Temp\win14.tmp.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0005 Infected: Trojan-Dropper.Win32.Agent.rg skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0006/data0002 Infected: Trojan-Downloader.Win32.IstBar.er skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0006/data0003/stream/data0001 Infected: not-a-virus:AdWare.Win32.Webdir.a skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0006/data0003/stream Infected: not-a-virus:AdWare.Win32.Webdir.a skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0006/data0003 Infected: not-a-virus:AdWare.Win32.Webdir.a skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0006/data0004 Infected: Trojan.Win32.Krepper.ag skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream/data0006 Infected: Trojan.Win32.Krepper.ag skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe/stream Infected: Trojan.Win32.Krepper.ag skipped
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe NSIS: infected - 8 skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\AOL OCP\AIM\Storage\data\annoyingpunk\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\MSHist012007071220070713\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\Perflib_Perfdata_328.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\Perflib_Perfdata_338.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\Perflib_Perfdata_348.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\Perflib_Perfdata_f4.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\My Documents\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Documents and Settings\Jason\My Documents\mirc617.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Jason\My Documents\My Downloads\Mal-Busters\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\My Documents\My Downloads\Mal-Busters\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\My Documents\My Downloads\Mal-Busters\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jason\My Documents\My Downloads\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Jason\My Documents\My Downloads\mirc616.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Jason\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jason\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\ijji\ENGLISH\u_sf\XPatch.exe Infected: Email-Worm.Win32.Luder.e skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Program Files\NetmarbleJP\Gunz\XPatch.exe Infected: Email-Worm.Win32.Luder.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byvspon.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byxxwvu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyxyv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifdebc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winadg32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyyxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{793E4DC7-E0D7-433B-A369-FB7453C8D73B}\RP816\A0543932.EXE Object is locked skipped
C:\System Volume Information\_restore{793E4DC7-E0D7-433B-A369-FB7453C8D73B}\RP816\A0543933.EXE Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{793E4DC7-E0D7-433B-A369-FB7453C8D73B}\RP824\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\ZERO-X.ldb Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT0500d.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT05017.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\GUNZ2\Gunz\XPatch.exe Infected: Email-Worm.Win32.Luder.e skipped
D:\MAIET\Gunz\XPatch.exe Infected: Email-Worm.Win32.Luder.e skipped
D:\MAIET\Gunz.rar/Gunz/XPatch.exe Infected: Email-Worm.Win32.Luder.e skipped
D:\MAIET\Gunz.rar RAR: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{793E4DC7-E0D7-433B-A369-FB7453C8D73B}\RP824\change.log Object is locked skipped
E:\My Shared Folder\orange_decoder.exe/WISE0016.BIN/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped
E:\My Shared Folder\orange_decoder.exe/WISE0016.BIN/data0006 Infected: Trojan-Downloader.Win32.Turown.i skipped
E:\My Shared Folder\orange_decoder.exe/WISE0016.BIN/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped
E:\My Shared Folder\orange_decoder.exe/WISE0016.BIN/data0011 Infected: Trojan-Downloader.Win32.Turown.i skipped
E:\My Shared Folder\orange_decoder.exe/WISE0016.BIN/data0013 Infected: Trojan-Downloader.Win32.VB.cw skipped
E:\My Shared Folder\orange_decoder.exe/WISE0016.BIN Infected: Trojan-Downloader.Win32.VB.cw skipped
E:\My Shared Folder\orange_decoder.exe/WISE0017.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\My Shared Folder\orange_decoder.exe/WISE0017.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
E:\My Shared Folder\orange_decoder.exe/WISE0017.BIN/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\My Shared Folder\orange_decoder.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\My Shared Folder\orange_decoder.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.MyWay.c skipped
E:\My Shared Folder\orange_decoder.exe/WISE0019.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_decoder.exe/WISE0019.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_decoder.exe/WISE0019.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_decoder.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_decoder.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.EZula.a skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_decoder.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_decoder.exe/WISE0025.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
E:\My Shared Folder\orange_decoder.exe/WISE0025.BIN/v2.0.4.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_decoder.exe/WISE0025.BIN/v2.0.4.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_decoder.exe/WISE0025.BIN/v2.0.4.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_decoder.exe/WISE0025.BIN/v2.0.4.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_decoder.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_decoder.exe WiseSFX: infected - 29 skipped
E:\My Shared Folder\orange_encoder.exe/WISE0016.BIN/data0005 Infected: Trojan-Downloader.Win32.Agent.ac skipped
E:\My Shared Folder\orange_encoder.exe/WISE0016.BIN/data0006 Infected: Trojan-Downloader.Win32.Turown.i skipped
E:\My Shared Folder\orange_encoder.exe/WISE0016.BIN/data0008 Infected: Trojan-Downloader.Win32.Turown.g skipped
E:\My Shared Folder\orange_encoder.exe/WISE0016.BIN/data0011 Infected: Trojan-Downloader.Win32.Turown.i skipped
E:\My Shared Folder\orange_encoder.exe/WISE0016.BIN/data0013 Infected: Trojan-Downloader.Win32.VB.cw skipped
E:\My Shared Folder\orange_encoder.exe/WISE0016.BIN Infected: Trojan-Downloader.Win32.VB.cw skipped
E:\My Shared Folder\orange_encoder.exe/WISE0017.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\My Shared Folder\orange_encoder.exe/WISE0017.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
E:\My Shared Folder\orange_encoder.exe/WISE0017.BIN/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\My Shared Folder\orange_encoder.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\My Shared Folder\orange_encoder.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.MyWay.c skipped
E:\My Shared Folder\orange_encoder.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.EZula.a skipped
E:\My Shared Folder\orange_encoder.exe/WISE0020.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
E:\My Shared Folder\orange_encoder.exe/WISE0020.BIN/v2.0.4.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_encoder.exe/WISE0020.BIN/v2.0.4.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_encoder.exe/WISE0020.BIN/v2.0.4.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_encoder.exe/WISE0020.BIN/v2.0.4.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_encoder.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_encoder.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
E:\My Shared Folder\orange_encoder.exe/WISE0024.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_encoder.exe/WISE0024.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_encoder.exe/WISE0024.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_encoder.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
E:\My Shared Folder\orange_encoder.exe WiseSFX: infected - 29 skipped
E:\Recent Downloads\Kazaa Lite K++\My shared Folder\video codec\DivXPro501GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped
E:\Recent Downloads\Kazaa Lite K++\My shared Folder\video codec\DivXPro501GAINBundle.exe Vise: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:19 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: FlashGetでダウンロード - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: FlashGetで全てダウンロード - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001021-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter21 Class) - http://download.netmarble.com/web/nmstarter/NMStarter21.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bw+0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 22615 bytes

#10 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 13 July 2007 - 02:15 PM

You are running a P2P filesharing programme.
  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does click here.

Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


My recommendation is you uninstall it.

Download ATF Cleaner by Attribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Use windows explorer to find and delete these files:

C:\Documents and Settings\Chris\Desktop\IGunZ-42.01-setup.exe
C:\Documents and Settings\Chris\My Documents\DivX-3.11-Installer.exe
C:\ijji\ENGLISH\u_sf\XPatch.exe
C:\Program Files\NetmarbleJP\Gunz\XPatch.exe
D:\GUNZ2\Gunz\XPatch.exe
D:\MAIET\Gunz\XPatch.exe
D:\MAIET\Gunz.rar
E:\My Shared Folder\orange_decoder.exe
E:\Recent Downloads\Kazaa Lite K++\My shared Folder\video codec\DivXPro501GAINBundle.exe

Then post a new HijackThis log and let me know of any remaining problems

#11 Nosaji

Nosaji
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:07 PM

Posted 18 July 2007 - 02:13 AM

Sorry about the long response time had a bunch of stuff to deal with.... As for my system it hasn't suffered any hiccups or slowdowns. So I think everything is back to normal now thanks for the help :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:07 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: FlashGetでダウンロード - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: FlashGetで全てダウンロード - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001021-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter21 Class) - http://download.netmarble.com/web/nmstarter/NMStarter21.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7034420C-900E-43A5-B2D8-6DF34E0AB108}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bw+0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9D630061-563B-447A-A121-AB2F0831B576} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 23055 bytes

#12 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 18 July 2007 - 04:15 AM

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot.

    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE,NOT on a regular basis
  • Keep your antivirus and firewall updated
  • Keep windows up to date with the latest patches


    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
  • Install spywareblaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
    kill bits
    in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here here
    Make sure to update it on a regular basis
  • Install IE-SPYAD
    Dowload and instructions located here
    Make sure to update it on a regular basis
  • Use a HOSTS file
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button (at the lower left hand corner of your screen)
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok
  • Install and use Ad-aware & Spybot search & destroy
    Instructions are located here
    Make sure to update them on a regular basis
  • Most exploits are aimed at internet explorer, so I recommend you switch to an altenative browser
    Two good alternative browsers are
    Firefox
    Opera
    It is essential to update to the latest version of your browser, as the updates fix known security holes
  • Even if you do decide to switch to another browser, it is still a good idea to lock down Internet explorer
    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Change the allow paste operations via script to Disable
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  • Clean out you temp file on a regular basis
    I use and recommend ATF Cleaner by Attribune
    To use it, follow these instructions
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Main at the top and choose Select All from the list.
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users