Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help, My Computer is Infected!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help, My Computer is Infected!

Unread postby lorenr » June 21st, 2007, 11:06 pm

Kaspersky says I'm infected. Here is my HJT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\user\Application Data\Opera\Opera\profile\cache4\temporary_download\antirootkit.exe" /Monitor
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4244830328
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_do ... Button.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance for your help!
lorenr
Regular Member
 
Posts: 77
Joined: December 7th, 2005, 9:41 pm
Advertisement
Register to Remove

Unread postby random/random » June 23rd, 2007, 9:10 am

Firstly I would like to point out that this is not the first time you have been helped here, and I would like to point out that we are all volunteers who do this in our free time, and that there are not enough helpers to get all the logs resolved.

Acrobat reader is outdated, uninstall the one you have installed and install the latest one from here:

http://www.adobe.com/products/acrobat/readstep2.html

That is not a complete HijackThis log, you have missed off some of the header information

As you have not got the full kaspersky antivirus program installed, and your HijackThis log shows the activex from the kaspersky online scanner, I assume this is what told you that you were infected - it should have an option to produce a log, please post that log.

Also, please tell me if you know what program this entry belongs to:

O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\user\Application Data\Opera\Opera\profile\cache4\temporary_download\antirootkit.exe" /Monitor
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby lorenr » June 23rd, 2007, 10:39 am

Firstly, I'm not sure what you're point is for your opening remark. Is it that one only gets a certain number of "helps" and then no more, so I shouldn't be coming here looking for help any longer? If it's regarding a donation, after each time I have been helped by your wonderful site (and I'm not being a smart-a** here, I really do think you folks are wonderful) I have tried to donate, but each time the donation would not go through. I kept getting error messages. I would be more than happy to make a donation!

That being said, I have installed the latest Acrobat Reader, will repost the HJT log, and the Kaspersky log.
First the Kaspersky log:
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0229afe91f9108f9133314024c5d9130_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03ca65d50c8767a20610f64eb5f1f37d_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\054ae24558a5c1f099b34cdb0242f94a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07424258a41ca219fd9592b31b11e7e2_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07ce201ef6ba8885960bc7f019c9901a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07f5568ffc556bda72286b6f800ae646_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0864386818cf4a53b7b1f63f93a5fc94_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0dfeb35554863df90bf8277fc2c7cd74_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10c3291019480fe37a91ca998a817c85_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1135c604866cb40f7e467efa96e38728_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1609ff0b9289ff39913b50ec7e244131_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1785e1da84c24bc1021472f3703b15e8_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1af257f0da9670cd4e5102dd85af2a7b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c4f7fcd175249b155dc17084bd74240_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23b9c42ac1595ec36a142b80c41a6933_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24210bcd8387e3c8c5b8ff1b9434c3f9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b341dee04ee679027be7a5a45012b37_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e81a48cf8f33306c9b5ae054816e004_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30168ed4612770ecac889d70322be37e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3170a9c7afd26e6d1dc67c3fb0b21083_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31b03f005dd77609a202b4c0955c51cd_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35089d2fa32b7433548bff1e055bc3d3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3580a9339f9e979486d736718bab6cac_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39bcf85d7f9b5c511c9d30e2fe245dac_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3bd3b2c5bc0a3d884c694a7a8e7b2df0_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cc87ee9ed1f437533c9bd59e753b023_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ccbff6f396ebf3041dd10f1fc565577_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e91689ad7239b3af93d4f2092607fd1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f36e1b7df1ee98ede65ed97f2801833_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4187515f8dd3a1d071058318217c6057_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\434c6ef1fb331cae12b43a2ab4e61325_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4357d8553b78a83acfd68ec67ba285d4_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44181e423bfb0eeb09eafc2df0ef0276_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46e02c0931dbadef6819041db0e8114c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a676d1635dc68935639c2c8f0fd4f3e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d641af9a909d258dfa607fe4a52b84e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511b93eab9a6fda174c640df8170f5d9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52da6858c5fe7abcef4d6962cfe6933f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53606763a6ba49d9970d017505f7e572_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58b0e1e2b99aa237334c403af52e5012_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a0defbce41b2c6714e1253c075cd116_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e1d1b1beabb6462a69a021ab230a008_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ed8e8f14ece743d65621fb8f9dba911_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f3badb1b38b7822db9c4ec70e8f46de_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f476b2d03e95427bfb36bf94ac2d53f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\615d52e487e7898d80b8cf66101a8d91_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\642edf3919d49130b6012312a8d0a368_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\651bbc6cbbf1551f35220a7c50717b53_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b7afa9e3aecf5184c7f56289e060c06_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6cb1caa63ac6e440f1bdd719de6dcb8c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e1d9e8f07b430e79b7c2996c9fc85f1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f703046795137b69564899bf20a0a11_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70af1c8c177b5afa2977d411e1b883a7_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73346baa7331438d2416b3fea14463cd_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73bc77f0ab2eed590962480794f9f360_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7501f8f2964db6fb3a3836cd4867597b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\751c91748ce7439f35da12588116d3e4_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\755c44ad459d60c989bd7a347353cb58_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7697c6f3f83d0a10fd40cd06fd0d4085_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a12795c636af37b1aefa6b4b8a5e684_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f5249b680b15d6235eda21ced423980_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81f73a43e3c16014aeff9f3cb811663e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84615cf45d09a2b4d2e5946f88b2ef3f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85d8a9ee02276f9aa4344172bb21b902_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8671a2aead66e470799c61fd8935b16e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\869092514d57d412529827d66cbf2904_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\888c27c09972c578139597d66a404ef3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b9826712361d1efd27f32e2c63fda2b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cfd0379a44da1d8f52969969486d1a3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e0c09165f75c2fc5334f5803298eb42_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8eb333be64650b8e6dc761f191e2f4c1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90f9d427fc132daaf835983ff2fec657_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\914c786b49431d73fb3fcc2c961530a3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\923cea3d4282c56b6a3e0e2700df68d5_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9583074226d4c1d4c659e70e9be9ed3e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\969ecfba0ed208ee6366ba604627f1a1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96e5911ae735e7f1257a790ccc047b0a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\971021208b50c8d10e38af849e20f30e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98a46ae1d37c0fb639a56cdce383ce9c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a046c8337d8b565220f3f6198161d3e9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2b4ff844a03f8f0ce506727eff915bc_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a373d0684d7e3e17b23b99e46e64088e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5235870a45c4a507c227f6dee1d9e99_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a62f31d8ae18fdee743ed4dddc73c551_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa4dcf627c19c972c293871826c08245_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac441e08940f22ce6ab716b2c1ebe45b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aeee64de8ddd74ae690610251d4805eb_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afc056421e9f831638b565cb1b68e62a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0cb859c13fe6b4369b6d7d821063073_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4994c86f8f0bd31758a3271822aa331_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9605492778328d360d9b9e85ae6507c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcd85f06bf8f5f05231a965210291b1c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd4b4a4a879a9f2e28667604214fee48_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bebb202f586b35aa64c25d9fbd48adab_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c037ff565ccd32669b4fd63e64af1be8_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1a4d10b8fe0ba8f1367f297f67c92c9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1ff0b1a7e684f1acd6ed72ad7e8efe5_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2a36c177fbae6ab0ff9369295305b9a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c306ad10f33575bc44c1e33f8dc425a2_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4ffe1ccf43f56fb7bd8bdeeb387ad4f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1f12c06d802c573d1877d060740af45_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1ffea95b227995b13aee0c565de172c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3e61aa0c485ac0e3f4fd5af89cefd16_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d69c17374c433bebec502ac59be74b47_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd993ff9b656b0261334ba8534592c27_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddae9c6a259f8b8d1278d3a5bf7b8fca_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e19043e1772f2fff7216adf405fef125_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4245a5b55adffa9a9c641e7dee97c89_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5796030020d27ef49808195ffa29529_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e62b5a030c3c0e9b8b7787aa0e21aa1e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7949f6397e36e3821aaf3504047ffc6_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7db31794b903db4b1a12ca6839676b1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8e4edf88f566ac263a14200ba93332d_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed0c42614b00b5b7413ef30853f8cd39_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed1425a0cc618431bcc6f69a86e1f9e7_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eda352c8ec07b064ac41f176269ba937_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f101ed4524424627e627c9a8fcfb3304_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2001e8c6e2a431958e820f8120d4857_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2c915562fbb514d3e79b47af0fb5fc8_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6821512c6da472a82d4cf573796735b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f73074d5bdc7ffd0f5e34b133289a6f1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f828c578335238b53f6a731ff280dbe4_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd01678933d64b92810f1cb116e0f0f1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd27eae5e9dda1942cbf302051a8f297_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffef06e3f7540ac399a58a998e613cac_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fff688488023e5d9a8dec9433b176047_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12132006-180347.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{16B8585C-AC41-4CBB-A488-240A2AA19F1D}\Microsoft\Outlook Express\EZ Anti-Spam.dbx Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{16B8585C-AC41-4CBB-A488-240A2AA19F1D}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{16B8585C-AC41-4CBB-A488-240A2AA19F1D}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{16B8585C-AC41-4CBB-A488-240A2AA19F1D}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C0E49AF7-4D81-45A4-94AD-F76EF5F152D9} Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\QurbOE\MsgInfo.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF858.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DFB712.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DFB721.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DFFC31.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\ntuser.dat Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\RECYCLER\S-1-5-21-746137067-1606980848-839522115-1003\Dc1.com Infected: EICAR-Test-File skipped

C:\RECYCLER\S-1-5-21-746137067-1606980848-839522115-1003\Dc2.zip/eicar.com Infected: EICAR-Test-File skipped

C:\RECYCLER\S-1-5-21-746137067-1606980848-839522115-1003\Dc2.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EC280EEC-AB63-452F-B94A-74A3BB83BECD}\RP119\A0043020.exe Infected: Packed.Win32.PolyCrypt.b skipped

C:\System Volume Information\_restore{EC280EEC-AB63-452F-B94A-74A3BB83BECD}\RP124\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{014F4665-5621-4A6F-8CE6-7B2FDFD669E8}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

The HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:31 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\user\Application Data\Opera\Opera\profile\cache4\temporary_download\antirootkit.exe" /Monitor
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4244830328
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_do ... Button.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And as for this entry

O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\user\Application Data\Opera\Opera\profile\cache4\temporary_download\antirootkit.exe" /Monitor

I think it might be a test file from EICAR (European Institute for Computer Antivirus Research) that my eTrust ezAnti-Virus help section told me to download to test my anti-virus program was working. See attached instructions:

Common Tasks - Testing EZ Antivirus
Eicar - a file to test your antivirus software
EICAR is a program from the European Institute for Computer Antivirus Research that can help test the virus detection capabilities of Antivirus software.



This is a small .COM file that simply prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" when executed. It has the useful property that it consists entirely of printable ASCII characters, so you can easily email or fax it to someone.



Many antivirus products detect this file as if it had a virus. Most give a special message to make it clear that this is a test file and not a real virus. For example, when the EICAR file is scanned with EZ Antivirus, the message displayed is:



EICAR.COM is the EICAR test string reviewer test file.



The main use of the EICAR test file is to test that your antivirus software is configured and operating as you want it to. For example, it could be used to test that the EZ Antivirus real-time protection is active and behaving as you expect.



While this file obviously has absolutely no virus code in it, you should only distribute it to people who have a clear understanding of what it does. Also, do not store it on production machines that run antivirus software (except as part of a deliberate test), as it will probably trigger whatever alarm bells are in place.



Please refer to the EICAR Standard Antivirus Test File web page for more information and a link to download the file.



Here is the EICAR test string, in its entirety:



X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



To create you own EICAR test file:

Copy and past this string into a notepad document, then click FILE > SAVE AS.

Click the drop-down box next to 'Save As Type' and choose 'All Files'

In the 'File Name' field, type EICAR.COM. Choose the folder you wish to save the file in and click the SAVE button.

If that is not what it is, then I have no idea what it could be.
lorenr
Regular Member
 
Posts: 77
Joined: December 7th, 2005, 9:41 pm

Unread postby random/random » June 23rd, 2007, 11:19 am

I have no way of knowing if you made a donation or not, there is no limit on the amount of times you can get help here - I simply wanted to make you aware of how busy the helpers are - which is why you won't always get an instant response

I am happy to see you appear to be taking appropriate precautions against infection :)

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O4 - HKCU\..\Run: [Tucan] "C:\Documents and Settings\user\Application Data\Opera\Opera\profile\cache4\temporary_download\antirootkit.exe" /Monitor

Then close all windows except HijackThis and click Fix Checked

Restart

Download ATF Cleaner by Attribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

After that, rerun kaspersky - it should come up clean
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby lorenr » June 25th, 2007, 8:07 pm

Completed what you asked, though did not do a system restore as Kaspersky says I have a virus, "Packed.Win32.PolyCrypt.b". Below is the new Kaspersky log and a new HJT log.



Monday, June 25, 2007 7:54:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 26/06/2007
Kaspersky Anti-Virus database records: 331611

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 59453
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:45:29

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0229afe91f9108f9133314024c5d9130_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03ca65d50c8767a20610f64eb5f1f37d_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\054ae24558a5c1f099b34cdb0242f94a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07424258a41ca219fd9592b31b11e7e2_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07ce201ef6ba8885960bc7f019c9901a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07f5568ffc556bda72286b6f800ae646_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0864386818cf4a53b7b1f63f93a5fc94_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0dfeb35554863df90bf8277fc2c7cd74_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10c3291019480fe37a91ca998a817c85_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1135c604866cb40f7e467efa96e38728_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1609ff0b9289ff39913b50ec7e244131_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1785e1da84c24bc1021472f3703b15e8_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1af257f0da9670cd4e5102dd85af2a7b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c4f7fcd175249b155dc17084bd74240_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23b9c42ac1595ec36a142b80c41a6933_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24210bcd8387e3c8c5b8ff1b9434c3f9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b341dee04ee679027be7a5a45012b37_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e81a48cf8f33306c9b5ae054816e004_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30168ed4612770ecac889d70322be37e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3170a9c7afd26e6d1dc67c3fb0b21083_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31b03f005dd77609a202b4c0955c51cd_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35089d2fa32b7433548bff1e055bc3d3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3580a9339f9e979486d736718bab6cac_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39bcf85d7f9b5c511c9d30e2fe245dac_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3bd3b2c5bc0a3d884c694a7a8e7b2df0_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cc87ee9ed1f437533c9bd59e753b023_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ccbff6f396ebf3041dd10f1fc565577_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e91689ad7239b3af93d4f2092607fd1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f36e1b7df1ee98ede65ed97f2801833_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4187515f8dd3a1d071058318217c6057_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\434c6ef1fb331cae12b43a2ab4e61325_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4357d8553b78a83acfd68ec67ba285d4_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44181e423bfb0eeb09eafc2df0ef0276_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46e02c0931dbadef6819041db0e8114c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a676d1635dc68935639c2c8f0fd4f3e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d641af9a909d258dfa607fe4a52b84e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511b93eab9a6fda174c640df8170f5d9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52da6858c5fe7abcef4d6962cfe6933f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53606763a6ba49d9970d017505f7e572_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58b0e1e2b99aa237334c403af52e5012_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a0defbce41b2c6714e1253c075cd116_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e1d1b1beabb6462a69a021ab230a008_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ed8e8f14ece743d65621fb8f9dba911_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f3badb1b38b7822db9c4ec70e8f46de_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f476b2d03e95427bfb36bf94ac2d53f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\615d52e487e7898d80b8cf66101a8d91_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\642edf3919d49130b6012312a8d0a368_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\651bbc6cbbf1551f35220a7c50717b53_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b7afa9e3aecf5184c7f56289e060c06_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6cb1caa63ac6e440f1bdd719de6dcb8c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e1d9e8f07b430e79b7c2996c9fc85f1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f703046795137b69564899bf20a0a11_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70af1c8c177b5afa2977d411e1b883a7_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73346baa7331438d2416b3fea14463cd_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73bc77f0ab2eed590962480794f9f360_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7501f8f2964db6fb3a3836cd4867597b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\751c91748ce7439f35da12588116d3e4_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\755c44ad459d60c989bd7a347353cb58_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7697c6f3f83d0a10fd40cd06fd0d4085_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a12795c636af37b1aefa6b4b8a5e684_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f5249b680b15d6235eda21ced423980_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81f73a43e3c16014aeff9f3cb811663e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84615cf45d09a2b4d2e5946f88b2ef3f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85d8a9ee02276f9aa4344172bb21b902_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8671a2aead66e470799c61fd8935b16e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\869092514d57d412529827d66cbf2904_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\888c27c09972c578139597d66a404ef3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b9826712361d1efd27f32e2c63fda2b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cfd0379a44da1d8f52969969486d1a3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e0c09165f75c2fc5334f5803298eb42_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8eb333be64650b8e6dc761f191e2f4c1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90f9d427fc132daaf835983ff2fec657_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\914c786b49431d73fb3fcc2c961530a3_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\923cea3d4282c56b6a3e0e2700df68d5_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9583074226d4c1d4c659e70e9be9ed3e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\969ecfba0ed208ee6366ba604627f1a1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96e5911ae735e7f1257a790ccc047b0a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\971021208b50c8d10e38af849e20f30e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98a46ae1d37c0fb639a56cdce383ce9c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a046c8337d8b565220f3f6198161d3e9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2b4ff844a03f8f0ce506727eff915bc_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a373d0684d7e3e17b23b99e46e64088e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5235870a45c4a507c227f6dee1d9e99_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a62f31d8ae18fdee743ed4dddc73c551_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa4dcf627c19c972c293871826c08245_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac441e08940f22ce6ab716b2c1ebe45b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aeee64de8ddd74ae690610251d4805eb_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afc056421e9f831638b565cb1b68e62a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0cb859c13fe6b4369b6d7d821063073_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4994c86f8f0bd31758a3271822aa331_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9605492778328d360d9b9e85ae6507c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcd85f06bf8f5f05231a965210291b1c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd4b4a4a879a9f2e28667604214fee48_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bebb202f586b35aa64c25d9fbd48adab_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c037ff565ccd32669b4fd63e64af1be8_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1a4d10b8fe0ba8f1367f297f67c92c9_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1ff0b1a7e684f1acd6ed72ad7e8efe5_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2a36c177fbae6ab0ff9369295305b9a_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c306ad10f33575bc44c1e33f8dc425a2_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4ffe1ccf43f56fb7bd8bdeeb387ad4f_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1f12c06d802c573d1877d060740af45_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1ffea95b227995b13aee0c565de172c_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3e61aa0c485ac0e3f4fd5af89cefd16_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d69c17374c433bebec502ac59be74b47_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd993ff9b656b0261334ba8534592c27_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddae9c6a259f8b8d1278d3a5bf7b8fca_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e19043e1772f2fff7216adf405fef125_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4245a5b55adffa9a9c641e7dee97c89_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5796030020d27ef49808195ffa29529_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e62b5a030c3c0e9b8b7787aa0e21aa1e_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7949f6397e36e3821aaf3504047ffc6_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7db31794b903db4b1a12ca6839676b1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8e4edf88f566ac263a14200ba93332d_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed0c42614b00b5b7413ef30853f8cd39_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed1425a0cc618431bcc6f69a86e1f9e7_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eda352c8ec07b064ac41f176269ba937_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f101ed4524424627e627c9a8fcfb3304_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2001e8c6e2a431958e820f8120d4857_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2c915562fbb514d3e79b47af0fb5fc8_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6821512c6da472a82d4cf573796735b_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f73074d5bdc7ffd0f5e34b133289a6f1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f828c578335238b53f6a731ff280dbe4_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd01678933d64b92810f1cb116e0f0f1_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd27eae5e9dda1942cbf302051a8f297_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffef06e3f7540ac399a58a998e613cac_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fff688488023e5d9a8dec9433b176047_20825a1b-89f4-410b-ad22-96a04f5409b0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12132006-180347.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\.housecall6.6\Quarantine\A0043020.exe.bac_a01832 Infected: Packed.Win32.PolyCrypt.b skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9AD0F22B-1093-4D8E-8809-BB669C5C5A97} Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007061820070625\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007062520070626\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF11C1.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF3DC2.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF3DCE.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DFFD5B.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\ntuser.dat Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EC280EEC-AB63-452F-B94A-74A3BB83BECD}\RP126\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Internet Logs\USER-SC8RY4DTE7.ldb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{6A5F7FB3-6851-43B6-8E8B-23575D30C76E}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA


Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\temp\ZLT06831.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 7:48:42 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4244830328
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_do ... Button.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks :)
lorenr
Regular Member
 
Posts: 77
Joined: December 7th, 2005, 9:41 pm

Unread postby random/random » June 26th, 2007, 11:45 am

Got to this folder

C:\Documents and Settings\user\.housecall6.6\Quarantine\

Then delete all the files in it

After that you should be clean, you can run kaspersky again to check if you like
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby lorenr » June 26th, 2007, 8:31 pm

That did it!! Kaspersky came out clean. You are great!! Thanks so much for your help.
lorenr
Regular Member
 
Posts: 77
Joined: December 7th, 2005, 9:41 pm

Unread postby random/random » June 27th, 2007, 10:59 am

Since you seem to be following the advice in Navigator's all clean speech, I won't worry you with mine

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware