Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Possible browser hijacker on my PC?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Unread postby SheppeyRed » May 30th, 2007, 11:56 am

John B. wrote:Please skip Kaspersky, we'll try another scanner if we need to!


Hi John,

OK, I'll do that if I ned to. I'm curious as to whether it's just Thunderbird or whether there are other programs which would be an issue. I'll let it finish the Thunderbird folder if I can and see what happens after that. After all, I can press the "Stop Scan" button at any time! ;)

I did the WinPFind3 scan first luckily and have included the log file here:-

WinPFind3 scan results:-

WinPFind3 logfile created on: 30/05/2007 12:52:02
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Program Files\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

511.47 Mb Total Physical Memory | 211.99 Mb Available Physical Memory | 41.45% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.04 Gb Total Space | 28.03 Gb Free Space | 24.37% Space Free
Drive D: | 492.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
Drive F: | 233.76 Gb Total Space | 40.71 Gb Free Space | 17.41% Space Free

Computer Name: SHAUNS
Current User Name: Shaun
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23/02/2006 11:41:04 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 18/04/2007 13:49:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 18/04/2007 13:49:30 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 18/04/2007 13:50:52 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22/12/2006 12:42:46 | Attr = ]
bgsvcgen.exe -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 18:02:26 | Attr = ]
dopusrt.exe -> %ProgramFiles%\GPSoftware\Directory Opus\dopusrt.exe -> GP Software [Ver = 3, 0, 15, 0 | Size = 276248 bytes | Modified Date = 25/05/2007 16:34:54 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 12/03/2007 10:01:04 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 5,11,00,00 | Size = 278016 bytes | Modified Date = 29/03/2002 05:40:50 | Attr = ]
mgabg.exe -> %System32%\mgabg.exe -> Matrox Graphics Inc. [Ver = 1.00.023 | Size = 81920 bytes | Modified Date = 16/01/2002 16:15:14 | Attr = ]
opware32.exe -> %ProgramFiles%\ScanSoft\OmniPageSE\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 03/06/2002 11:38:12 | Attr = ]
osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 01/08/1997 | Attr = ]
pdesk.exe -> %System32%\PDesk\pdesk.exe -> Matrox Graphics Inc. [Ver = 6.93.009 | Size = 684032 bytes | Modified Date = 14/09/2004 11:13:58 | Attr = ]
pgpserv.exe -> %System32%\PGPServ.exe -> PGP Corporation [Ver = 3.2.2 | Size = 69632 bytes | Modified Date = 09/06/2004 03:43:46 | Attr = ]
pgptray.exe -> %ProgramFiles%\PGP Corporation\PGP for Windows XP\PGPtray.exe -> PGP Corporation [Ver = 8.1 | Size = 339968 bytes | Modified Date = 09/06/2004 03:43:56 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/11/2006 13:10:48 | Attr = ]
spampal.exe -> %ProgramFiles%\SpamPal\spampal.exe -> [Ver = | Size = 387616 bytes | Modified Date = 24/10/2005 21:08:06 | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 01/03/2007 19:55:50 | Attr = ]
taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 18:30:00 | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 04/01/2007 22:38:20 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 22:38:10 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 00:01:58 | Attr = ]
winpfind3u.exe -> %ProgramFiles%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 00:02:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apache2.2) Apache2.2 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.3 | Size = 20539 bytes | Modified Date = 27/07/2006 16:49:56 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23/02/2006 11:41:04 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 18/04/2007 13:49:06 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22/12/2006 12:42:46 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 18/04/2007 13:50:52 | Attr = ]
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 18:02:26 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 08:56:48 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 01:41:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 5,11,00,00 | Size = 278016 bytes | Modified Date = 29/03/2002 05:40:50 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 23/02/2006 11:41:04 | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 05/10/2005 11:07:24 | Attr = ]
(MGABGEXE) MGABGEXE [Win32_Own | Auto | Running] -> %System32%\mgabg.exe -> Matrox Graphics Inc. [Ver = 1.00.023 | Size = 81920 bytes | Modified Date = 16/01/2002 16:15:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 127043 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
(PGPserv) PGPserv [Win32_Own | Auto | Running] -> %System32%\PGPServ.exe -> PGP Corporation [Ver = 3.2.2 | Size = 69632 bytes | Modified Date = 09/06/2004 03:43:46 | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> [Ver = | Size = 77824 bytes | Modified Date = 04/04/2003 15:54:50 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 22:38:10 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 00:01:58 | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 01/03/2007 19:55:50 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ad-Aware -> %ProgramFiles%\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe -> Lavasoft Sweden [Ver = 6.2.0.237 | Size = 830976 bytes | Modified Date = 27/05/2005 14:23:00 | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 23:46:24 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 18/04/2007 13:49:30 | Attr = ]
C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (http://www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 15/10/2002 19:00:20 | Attr = ]
CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 18:30:00 | Attr = ]
Gainward -> %SystemRoot%\TBPanel.exe -> Gainward Co. [Ver = 3.29 | Size = 2043904 bytes | Modified Date = 28/12/2004 19:05:18 | Attr = ]
Matrox Powerdesk -> %System32%\PDesk\pdesk.exe -> Matrox Graphics Inc. [Ver = 6.93.009 | Size = 684032 bytes | Modified Date = 14/09/2004 11:13:58 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = R ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 6803456 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 86016 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10525 | Size = 1519616 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
Omnipage -> %ProgramFiles%\ScanSoft\OmniPageSE\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 03/06/2002 11:38:12 | Attr = ]
PCLEPCI -> %ProgramFiles%\Pinnacle\PPE\PPE.exe -> Pinnacle Systems GmbH [Ver = 1.1.13 | Size = 32768 bytes | Modified Date = 25/06/2002 15:35:08 | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 04/12/2003 12:34:44 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
SBAutoUpdate -> %ProgramFiles%\SpywareBlaster\sbautoupdate.exe -> [Ver = 3.05.0001 | Size = 1015808 bytes | Modified Date = 01/01/2006 16:08:32 | Attr = ]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe -> Safer Networking Limited [Ver = 1.4.0.3 | Size = 4393096 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 01/03/2007 19:55:36 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/11/2006 13:10:48 | Attr = ]
UserFaultCheck -> -> File not found
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 00:02:00 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Directory Opus Desktop Dblclk -> %ProgramFiles%\GPSoftware\Directory Opus\dopusrt.exe -> GP Software [Ver = 3, 0, 15, 0 | Size = 276248 bytes | Modified Date = 25/05/2007 16:34:54 | Attr = ]
PopUpStopperFreeEdition -> %ProgramFiles%\Panicware\Pop-Up Stopper Free Edition\PSFree.exe -> Panicware, Inc. [Ver = 3, 1, 0, 1014 | Size = 536576 bytes | Modified Date = 17/03/2005 12:10:32 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\3Deep.lnk -> %ProgramFiles%\E-Color\3Deep\3Deepctl.exe -> E-Color, Inc. [Ver = 99, 40, 0, 4 | Size = 49152 bytes | Modified Date = 01/12/2000 16:11:38 | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/02/2004 20:13:54 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23/10/2006 02:48:20 | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23/10/2006 01:01:50 | Attr = ]
%AllUsersStartup%\E-Color Indicator.lnk -> %ProgramFiles%\E-Color\E-Color Indicator\TICIcon.exe -> E-Color, Inc. [Ver = 2, 1, 0, 10 | Size = 217088 bytes | Modified Date = 18/12/2000 16:26:28 | Attr = ]
%AllUsersStartup%\E-Color.lnk -> %ProgramFiles%\E-Color\Registration\SonnReg.exe -> E-Color, Inc. [Ver = 99, 40, 0, 5 | Size = 118784 bytes | Modified Date = 11/12/2001 15:09:30 | Attr = ]
%AllUsersStartup%\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 111376 bytes | Modified Date = 01/08/1997 | Attr = ]
%AllUsersStartup%\Monitor Apache Servers.lnk -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe -> Apache Software Foundation [Ver = 2.2.3 | Size = 41041 bytes | Modified Date = 27/07/2006 16:52:04 | Attr = ]
%AllUsersStartup%\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 01/08/1997 | Attr = ]
%AllUsersStartup%\PGPtray.lnk -> %ProgramFiles%\PGP Corporation\PGP for Windows XP\PGPtray.exe -> PGP Corporation [Ver = 8.1 | Size = 339968 bytes | Modified Date = 09/06/2004 03:43:56 | Attr = ]
%AllUsersStartup%\Picture Package Menu.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe -> Sony Corporation [Ver = 1, 0, 31121, 1 | Size = 151552 bytes | Modified Date = 21/11/2003 22:02:42 | Attr = ]
%AllUsersStartup%\Picture Package VCD Maker.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -> Sony Corporation. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 08/07/2004 17:13:42 | Attr = ]
%AllUsersStartup%\SpeedFan.lnk -> %ProgramFiles%\SpeedFan\speedfan.exe -> Almico Software (http://www.almico.com) [Ver = 4.32.0.169 | Size = 2796544 bytes | Modified Date = 28/02/2007 19:28:04 | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
< User Startup > -> C:\Documents and Settings\Shaun\Start Menu\Programs\Startup
%UserStartup%\MailWasherPro.lnk -> %ProgramFiles%\MailWasher\MailWasher.exe -> Firetrust Ltd [Ver = 5.0.14.6034 | Size = 5541888 bytes | Modified Date = 20/10/2005 21:27:48 | Attr = ]
%UserStartup%\SpamPal.lnk -> %ProgramFiles%\SpamPal\spampal.exe -> [Ver = | Size = 387616 bytes | Modified Date = 24/10/2005 21:08:06 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %SystemDrive%\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} [HKLM] -> %ProgramFiles%\GPSoftware\Directory Opus\dopuslib.dll [] -> GP Software [Ver = 3, 0, 15, 0 | Size = 694024 bytes | Modified Date = 25/05/2007 16:34:38 | Attr = ]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Modified Date = 01/03/2007 19:55:48 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\HideSharePwds -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\\NoRealMode -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (713 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.freeserve.com/ ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.sheppeyunited.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.iesearch.freeserve.com/iesearch/default.htm ->
HKCU: Search Page -> http://home.microsoft.com/access/allinone.asp ->
HKCU: Start Page -> http://www.sheppeyunited.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKLM] -> %ProgramFiles%\vmntoolbar\vmntoolbar.dll [VMN Toolbar] -> [Ver = 4.0.4.363 | Size = 1801408 bytes | Modified Date = 28/09/2006 19:45:00 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 8, 0, 29 | Size = 38584 bytes | Modified Date = 24/02/2007 20:33:52 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKLM] -> %ProgramFiles%\vmntoolbar\vmntoolbar.dll [VMN Toolbar] -> [Ver = 4.0.4.363 | Size = 1801408 bytes | Modified Date = 28/09/2006 19:45:00 | Attr = ]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 8, 0, 29 | Size = 333472 bytes | Modified Date = 24/02/2007 20:33:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKLM] -> %ProgramFiles%\vmntoolbar\vmntoolbar.dll [VMN Toolbar] -> [Ver = 4.0.4.363 | Size = 1801408 bytes | Modified Date = 28/09/2006 19:45:00 | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmsearch.htm -> File not found
&Translate English Word -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmwordtrans.htm -> File not found
Backward Links -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmcache.htm -> File not found
Download All with BitBeamer -> -> File not found
Download with BitBeamer -> -> File not found
Similar Pages -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmsimilar.htm -> File not found
Translate Page into English -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmtrans.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{19EFE49A-BF0C-4CF3-9500-AEC8D7F1A470} -> () ->
{351F9764-5E37-498A-8237-CF279B2999D5} -> (1394 Net Adapter) ->
{851870A3-EBC3-453B-B30A-6A090D1C024B} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
{ACFA536C-4268-4B18-A5C9-4E79133B099B} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
{D67381B2-67B1-4B5D-A711-8DD0397CC508} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
{F5721D8E-2409-47D8-A599-F75B929D908E} -> 192.168.2.1,4.2.2.2 () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01010E00-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft SmartIssue - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab ->
{01012101-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partne ... nicode.cab ->
{11260943-421B-11D0-8EAC-0000C07D88CF} -> iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shoc ... tor/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> LSSupCtl Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab ->
{2FC9A21E-2069-4E47-8235-36318989DB13} -> PPSDKActiveXScanner.MainScreen - CodeBase = http://ppupdates.ca.com/downloads/scanner/axscanner.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9VCM.CAB ->
{597C45C2-2D39-11D5-8D53-0050048383FE} -> OPUCatalog Class - CodeBase = http://office.microsoft.com/productupda ... t/opuc.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 2651339911 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/C ... 79.3940625 ->
{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -> SassCln Object - CodeBase = http://www.microsoft.com/security/controls/SassCln.CAB ->
{AE9DCB17-F804-11D2-A44A-0020182C1446} -> - CodeBase = file://D:\system\intralaunch.CAB ->
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -> Symantec RuFSI Registry Information Class - CodeBase = http://security.symantec.com/SSC/Shared ... /cabsa.cab ->
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_01 - CodeBase = http://java.sun.com/products/plugin/1.4 ... s-i586.cab ->
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{E56347B0-6C2B-4C2E-939F-EE513EAC80BC} -> Creative Product Registration ActiveX Control Module - CodeBase = http://www.creative.com/register/OCXs/C ... tNoMFC.cab ->
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -> ActiveDataObj Class - CodeBase = https://www-secure.symantec.com/region/ ... veData.cab ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> &Yahoo! Toolbar - CodeBase = http://us.dl1.yimg.com/download.compani ... _1_6_0.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\SYSTEM\dajava.cab ->
Internet Explorer Classes for Java -> - CodeBase = file://C:\WINDOWS\SYSTEM\iejava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
ppctlcab -> - CodeBase = http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab ->
Yahoo! Pool 2 -> - CodeBase = http://download.games.yahoo.com/games/c ... potc_x.cab ->

[Files/Folders - Created Within 30 days]
Python25 -> %SystemDrive%\Python25 -> [Folder | Created Date = 28/05/2007 16:09:09 | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 22/05/2007 17:58:35 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 08/05/2007 18:49:42 | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 13/05/2007 11:34:48 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 13/05/2007 11:34:48 | Attr = H ]
wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> %SystemRoot%\tasks\wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> [Ver = | Size = 1540 bytes | Created Date = 02/05/2007 10:34:37 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 29/05/2007 10:28:41 | Attr = ]
wsNewsApp.enc -> %System32%\wsNewsApp.enc -> [Ver = | Size = 592 bytes | Created Date = 18/05/2007 14:56:48 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 27/05/2007 11:41:26 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 24/05/2007 22:03:12 | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 28/05/2007 17:10:10 | Attr = HS]
My Music -> %SystemDrive%\My Music -> [Folder | Modified Date = 29/05/2007 16:41:58 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 30/05/2007 12:34:16 | Attr = ]
Python25 -> %SystemDrive%\Python25 -> [Folder | Modified Date = 28/05/2007 17:11:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 30/05/2007 08:58:58 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22/05/2007 18:55:20 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 22/05/2007 18:58:40 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 08/05/2007 19:49:46 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 30/05/2007 08:04:40 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/05/2007 11:42:42 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 29/05/2007 11:28:46 | Attr = S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 08/05/2007 19:54:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29/05/2007 11:28:42 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28/05/2007 17:10:10 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 30/05/2007 12:42:14 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 14511 bytes | Modified Date = 27/05/2007 10:09:32 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 18/05/2007 09:43:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 30/05/2007 12:51:28 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 13/05/2007 12:34:50 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 29/05/2007 20:33:16 | Attr = H ]
Shaun.pcb -> %SystemRoot%\Shaun.pcb -> [Ver = | Size = 7680 bytes | Modified Date = 30/05/2007 08:08:14 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 574 bytes | Modified Date = 21/05/2007 14:33:30 | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 29/05/2007 20:33:22 | Attr = ]
TASKS -> %SystemRoot%\TASKS -> [Folder | Modified Date = 30/05/2007 08:07:58 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 30/05/2007 12:12:50 | Attr = ]
Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 6 bytes | Modified Date = 30/05/2007 08:59:28 | Attr = ]
Twunk001.MTX -> %SystemRoot%\Twunk001.MTX -> [Ver = | Size = 156 bytes | Modified Date = 30/05/2007 08:58:58 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 23/05/2007 18:59:02 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 30/05/2007 08:07:58 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 30/05/2007 08:04:50 | Attr = H ]
wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> %SystemRoot%\tasks\wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> [Ver = | Size = 1540 bytes | Modified Date = 25/05/2007 22:00:14 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 29/05/2007 11:28:38 | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 2496 bytes | Modified Date = 02/05/2007 20:41:12 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 2608 bytes | Modified Date = 29/05/2007 20:33:22 | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 13/05/2007 21:13:58 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 08/05/2007 19:54:50 | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 27/05/2007 12:41:28 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 218448 bytes | Modified Date = 21/05/2007 14:38:08 | Attr = ]
inf32 -> %System32%\inf32 -> [Folder | Modified Date = 02/05/2007 12:55:30 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 29/05/2007 11:28:42 | Attr = ]
SIntf16.dll -> %System32%\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 30/05/2007 09:34:50 | Attr = ]
SIntf32.dll -> %System32%\SIntf32.dll -> [Ver = | Size = 17212 bytes | Modified Date = 30/05/2007 09:34:50 | Attr = ]
SIntfNT.dll -> %System32%\SIntfNT.dll -> [Ver = | Size = 21840 bytes | Modified Date = 30/05/2007 09:34:50 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49616 bytes | Modified Date = 30/05/2007 08:05:18 | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12704 bytes | Modified Date = 30/05/2007 08:07:52 | Attr = ]
wsNewsApp.enc -> %System32%\wsNewsApp.enc -> [Ver = | Size = 592 bytes | Modified Date = 18/05/2007 15:56:50 | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> %SystemRoot%\direcpll.dll -> EnTech Taiwan [Ver = 4.10.01.27 | Size = 29184 bytes | Modified Date = 09/04/2002 16:54:56 | Attr = R ]
aspack , -> %SystemRoot%\Pirates of the Caribbean.scr -> ScreenTime Media [Ver = 2.2.3 | Size = 192000 bytes | Modified Date = 03/05/2006 18:55:16 | Attr = ]
UPX! , UPX0 , -> %System32%\c3mt.dll -> [Ver = 1, 1, 0, 0 | Size = 50176 bytes | Modified Date = 06/04/2004 10:27:56 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 13/01/2007 02:03:26 | Attr = ]
WSUD , -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 5136384 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 01/08/1997 | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\PGPsdk.dll -> PGP Corporation [Ver = 3.2.2 | Size = 1323008 bytes | Modified Date = 09/06/2004 03:38:44 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 27/11/2006 13:11:40 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 19/11/2003 14:59:36 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 5.0.116.0 | Size = 427864 bytes | Modified Date = 11/05/2004 10:46:40 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 26/04/2007 14:43:46 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]

< End of report >

Many thanks for your help so far,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top
Advertisement
Register to Remove

Unread postby SheppeyRed » May 30th, 2007, 12:41 pm

Lost patience with Kaspersky again. :(

It got past the .sbd file that it hung on last time after 3 and a half hours - only to get stuck on another one of similar size. Wasn't prepared to wait another 3 hours or so so stopped the scan.

It did, though, pick up 14 problems so I'll put the scan results it did get here:-

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 30, 2007 5:36:16 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/05/2007
Kaspersky Anti-Virus database records: 334084
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 20102
Number of viruses found: 4
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:33:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0097e93e7b4fd29af0668f238cf4ebfd_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00ad058059713e5be9030cb710eda894_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0197c486e7a49dc76be5bb03a378ac1e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\027ddbff441fde2986827c702bff58fb_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0305080cb6b93fab37081090ebe903bd_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03eb663c6a89752a5dff67ebf406e53e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\043a51c001baa60c65ed41da7fb6e663_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0493d7bdccadb493c9f2c1ce719e56c5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04fbd28a460786c29daa64650c56f225_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05aaf26d2ddaa64724be8ed58eee2017_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08016b91310785511ff531b2ffacc79d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\082271fa98ac3ff869265d14ca3e4eba_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08474278ab345cf62f790cadfbb5a47c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09ba8ecf577c36bade4f1966cb219ba4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ada6d7e5008851dc8163db5e661ee13_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b92a297521bd94f2c852068673088b8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d39a1d80d8fe7edc1755eb2b816894a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d463dd52ca00e1af750e61bbc5a3216_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d8fb74f719a49cd0d7ecd5fff113856_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f12b425afeac54b6014b82b8e91ae81_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f1a5bd934a5c68f38e6ad148bf457a1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fe78a81a914cf49eadfc804929480a9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1034ddcfd595c05e409cf389dd3ab937_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\108f16ad2a272a089ba782d4d22d6e0c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10e3de2cb3b470fedecae9892022ed60_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\110592d41a9c59cdd670faf85c763151_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\113c712789e89d3499331f12fe87197a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\125f67b46191f0fc8e560c5df72bc866_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12c8dfcd1671a7221bbc4480c2398647_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\140b3cb3c2e34d6aef8eb9abaeffaf82_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1492bb265bdf50661242bab1747a2f94_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14a24ad843254ef6d48225b391375479_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1556f8e9f1a0a9be168584cf583a8263_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1571b851a3e595f5869193ab53de99b6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15980f77a1dd45cc8b68990a341cd6dc_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15db5d35ce473d599d43c8206cc4a76e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\166d08bdf8d96af4f7365ddeaa3f9372_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\169942b1e6756ce78b09f7b00d6517fd_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\172a744009ce9af12c2ff35f7af069a4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17669a17e978f40aa0c8741ff46d1a06_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18a6a4664024bda702d99c608db4294e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18dc20911c350a587580d7d66ec05358_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19a534aa95edc86d8d616893181e4357_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d4e61c32a41c9dee98ded94766c4198_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e844fe5abc1cd9edb3121b74371b6f9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ef9124be006b10abbfbb5b71d665155_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f54003c4367357707b5aecda13f1415_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1feedbd080b1741cd77cb1dda887e959_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ffd38ada534b7228f7952d425a6d7f1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2098fd8020591bcd28a8cf8f5253dc56_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2277ca8f5b318ffc11c834281816fd9c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22efb1a6847d2b6818a0453d4915dbee_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24813201ffa28af5f8589593da2809a4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24a88e08e11f11188a104303abb1de89_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24ada6a266c68d97a8053fc2149c7230_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24b0fb0fafe8c6ce900356c356f54560_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25ac0f22d22d104f5300919ba5f5c41a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25e3228670df3a3e9fe30dd0a3a271aa_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27c560b56ef187ed26b5cbe0d9448eef_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2800dbc4c5e4edd24ac0c364748e408a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\289309669f7535c60e88a9494c6e09a3_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b9a48a1bc0664595e1c5901164d9e0e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d00b04ba03d58d891c5e8e5e0501e20_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e403c5af0b473962de0565109492db9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e8715d9a3ecb52caa4baab2a818d773_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3248597204bdf46f62c2cebb325f7441_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\338e8bc461bfe0eb7c082dc2370b68f1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34273e504747b41f5734dd40442e47ab_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3446ddd532ca2c643ce2ed9802caf1af_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3523d9538e25763b77c5d1b4425a66df_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\355e1ffbfd4eb056bc78c71adb72e502_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35688b484d443d3567fd0d328850ce28_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35e4a0b8fa2c892d1ec1609044ee4a7f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3746904e1515f472fe6bc21865f1b944_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3747b629283cae894ea55fe4a4ed9b12_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\374ea9fda8bc022e5af49a1f2c60047d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3829fea3760f96a782d88d14fc399b5d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\38aad36bb869fa28e07cf2bf201cbf3c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a0da52a163aafd318e5e95be20099d2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3dbe8c102bbf7513f26278eee8898213_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e4048b42fb252ab4d9e5aabd4074381_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f39b2bb712b820bfeb873f0a8c01d19_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f89cf6b903b0f5dca4ea0d5763bdc61_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40035d99cdcbe4a434ae5bad295e80b5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44e3096aa280e4d7a6f86be41327efbd_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\468ab729947793ab4112f693087373ff_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46b743017c68bf3dddedde5fd75ccb95_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\495a3205e9f35069766ed817cf9d0616_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4970093cdbe4573fb0473d7be6ac3b77_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49765951e9e257e28bc2061df02e1a5c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b143be6cf6385db05c1208c42cd187b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b5c1a6ebd106ce6706ae39e10728329_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c58989bf4918faf8c2968cd8e878805_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d59f36ad6778d87a74e4107b0e4e0d5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d9adcb37e33e5d0e7ea81ea5007f3e2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ee4453dc6cc9747eb393dbd1440f65e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f551c5cc835b8d18a23aff9e1069f7d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50433a99582c8aa524ad31d6a3cdfeb7_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52b3df86e068cd5cfb87c412c2eeadf7_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53f6194ae8659275472fc9904da48a5a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54c2b45ef807afb8a654cc17a971bf0e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\555590877862247712a089215699d64a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5685297251cfa18170035287909eb088_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\573876c243990b4c17fb1288723c45fa_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\580a82395d6577fb1ca41fa8f3d4c81c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58690da980cb9f2cddeb882a28b4f2be_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a468e3374940bd740500e739824b19b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5bfff7edf09e2a673b7145c6bd8efd9b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ed4c325d21dd7dba72a14e31578a320_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f1d06b7b03a0edcaeeb18e7296258eb_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f76206183cf55feced1596cd9326025_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ff9b62407013a5647943c4624714b58_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\605c549716edf5520a1023c4a7bfbc86_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60a7d18720c0212c610d81b47a0ae1f1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60af1b5786cd5829968c6140595a5c0e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\616dbe2f8aa9bd45419c614c447864ed_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63b17ad82ac9c2d57d28c34142c4d318_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63e1dbf49c2de71a8091e49060fc796c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\64605f2e7bd454d2bd9b8d4076190259_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\647ed1476bd79368d18897a9b493e655_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\650d0eaa3296b0a8657a8ba3f836c5c3_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6553f6715958b8cf7a761ee9a1d9c507_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\656244341db60b5a84e3c2d48dc32ae6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65bc5328241f712f425ac81acdd05e6d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65feff8eba9d3346033aa7b46db10b64_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\666f2f201e25ce0ae271e6cde2105c5f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6688de1d0a3a559277c64125275b1c30_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\674413efb36852d60ef6e2d6dc260cc6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\677aa9fd98d9c8bf0a926d2a757c4be1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67c8c2ad78d53dc0254c653d567f16ba_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68666d9ad4ad80cffcc2654058f69f60_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68aedb6f507946eb955a1242abbf1bd7_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6957996bb18329866ff1b52edb5f95a9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a10f918c1c614648f2779db0804b057_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a2a760953cf5022298727c48ecf612e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a5a860827d6dcea3864a6b6a0827c20_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a685e1bfd438c7804daf8590857909d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6afdac7142e72f8b565c6f0d565e1c8c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b09a578adae15245f882c56cc81da49_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b1db5c1e81b5feafa325ea6e8e31c00_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6be3c6bac7a2afba014cf2be9dcc5f9f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d5c155d1c6ca8dd9368683f4ee03098_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d951e4924ea4429f193b25ceea8cdd1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e726d30aecb654dbdea723ed9395670_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f8a24fdbc88e8349c5ed0daa45deddb_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f90f68072113705ea6ff5955c3f767e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ff59a1b013c33e53e54951b3b532572_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\709770aa5781845912f1958df54f189d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\716a1b3370db5dd591c2a0a5bc24fb54_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\717da34a3bd800b1f93d44b0f87b6426_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\736b1aab10c8054a4debbdb3cfe5205e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77a2429ebbdfcebc6013f8be959ef10b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79146aa63b2e405bab2103628959dcdb_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79dbba2b0d661d96c2a49c98d5784f90_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a93c3eb9a98f7dc5c13f7cdce3fb838_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7bc9cb6922d87510bcf5189eb3a2eeae_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c7861ad92b45f1e171a520093f02126_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fa9029b3fcfc08ed6b0d2554eb54a7b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8074bb130b28465a20fcce0be97e6a1d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\826a8a5812c9b3c03224a84b0b860b17_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\826adee245cfc5b0965c19c62b94719c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8380122ed694f160f83f09f2a253a322_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84e199e1402dbf7ae3ebadc9bc001ec2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85ceade642e06fcdc30c123b79a175c4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8894ab4f71774fbef3f1631c9b432651_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\890eae2f4b447332f4f3636f387ff078_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a024b773a8e7e6077af0a43fc4d2fd5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a4fde90f1dd04fd9103f0e2df848fc0_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b15d3619a096e1163e0884e0cb89d4d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b8f47af5a1be63f1b270d2b15ea79ca_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cc006cf84841b097decc7c6ae722da6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d08893b4b66fe2f18c2f366619608c1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e09c4d5024cd6b8eb30c08889873bf8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e1471bd957a30a81f7d235fac3be13c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9022530c41b7736a4e6ad74a0af31406_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90371b52973d53dbb88ac433f3f8beb6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90fa5e32ddc1020a14a6eb893656fccf_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91d057984b94ce8236b07f0b5a3622a3_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91ea041016365b0df4d6cd5f0b388c8e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92124127aa5aea018ee1df823d674214_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\934a0dedab452a55cb497b4633f64930_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\944f0d21dab142ef1db0d032865620ef_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94f21d51faea2bd1f3f3aaf734e192f0_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9528981b3ce02f740f276b6ad63633d0_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9538acf2f69f591f7d2392063f15b90c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\954a087d552c6d2c5502a2cdf12c298d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96c7f5d449884108e7241b7951d262d2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97be30596c5fc57955893f3ff15cae32_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98c828b46422e5e9931e0464b9e97bc6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9939698fb82ac1911a6642625e42dba6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\99bbdbe29a2e11529b7586b88718eff8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a32fb9c12a4051764c182e7c5e8dc7c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b11a6872175afc74277f7ecc7f3634e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c99dec1e5d9f606ef46430a2263a7df_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ca8b49fc42b9bd91f90b050e135c6fe_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9cb705894219582237ab13c91493c6bc_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d4d7e5ca93fe4203e597b765cb6d7dd_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d7a6663975b71172ea82e76aba54949_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9db32a86b523b0d6cb64064e992d8382_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9fa458958a7b26cea6193938d8e50136_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9fbfea7f4f5bfa95d46788a784f2915f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a01e3d5f0d8a3f1c748c8616343fa12f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1b20b44e458a7cd5a1c456217739031_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3f79655d5724740bfd5bb8341e7cb34_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a46f82766b1f66a9acc219b84fc79ea4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a57c34a6e9a05995817f06f1c2a81c45_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5c6eec058ef75dc8ff4deb8c08c0621_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a854e5059de46e92b19038cda0dd4565_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8931f4e689253e423aae4358d2a1bfb_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8c74fd594cfb5407bda6a16b9e9eef8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8c97996e6f0570b846f7235baef08c5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9578bc92af91464fc196d1d3dd94b9d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a97a5249833b7098c9835454b689fcb7_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa825dc58b92513f6159c6e21f41baa3_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab249836a0182b1a7eafad55a940e41c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abb0c5d71f360cc5b80955fed4f6b483_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac47dee5fedfc92de03e8a8c51d65981_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad20f53bc76d0cfc076843b68fee476a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad3d3e6176c0c2bff74a685bb10ce2d8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afd97d9efc6beddcc5aaf344ab307ec5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b02b24715cb64901167fb89c517748c7_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1092c6cc67fcb54a33ab58001f5fdcf_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b26ac3795f139e8d489087553f112a53_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2bc4f86206e32ad967dbb4893b837dc_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2f02444ed4f8ac1c74f1375f67a994d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b314bf3788ced374bd73900bcb7a713f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b67dd12dc1c80aef55d5cba440979ce9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b752138c154cbdce4885223fe3eddb88_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7b512bc254605a6939ff76c1d6fb29a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b870782be64972fa536c985ed3c87728_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b976cc7f7d9d9bb83ee61134e5144972_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9bd7c5d1c8e8efcbbc87e0e0f034398_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9f0a50116d8fc5acee66d8e4358be28_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb5284efc7c54b6093949c4c0cda6191_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb66ab9ca1fc9db56644ba6d5ceb6da1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbc8d7300744fa167840a75de3c5da44_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbe0bb06468450f71b6dbad6cd9411f4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be3b4f63d4d9dbd9a2e95eef9c292719_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bec6e3bd552e63a23910aab0ba5809e5_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bee1d86c96cf096b1bcab1066f271445_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf0fee64a54eff5fb369f815779fd6b6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf6ddd88d845e9c6a6ff54c06b6c162a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c01d8f6efd418cca845bc31249e39e07_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c024857801fab786965150ddd2b4f98b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c07120843287a125c8ca3dd013a5ad61_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c0c117d13a032f8c5c67b8516f880de2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2d99ce5604081ef7715971bfce66aa9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c320999087cc92cb1246bc38936d0ccc_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3b2ef565698f5a952f721d7d35991f8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4353835f7b2882626ab49a3168c6ac4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6538ff4db74627750d2ab698b829584_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6ebe81f6f1d274f623f085b99637cbc_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c763ef3fb73b68284aa12b8181a79e3c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7b59518e3343c7f4bb65768d0a6f2db_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c928e2637abb94e755e974d8339b82e1_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c94c2e472a60a93d6ef948057a402f23_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c97a23e4cfb53e5fd1d71f49f4cd1316_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9e12881b3d4c2270bc1e0bf90029cbf_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca2a17734a7e54c541fbc6cb394def1b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbbe72d73b25f0b6dfd19f680140948d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbf4d7acd7a6fa7c380289d973ca609f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc4dc039fedc542c9904bcc16b7c727b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd82e7c005e89a6f2855a402d30f97c3_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce18ccc00f74b34bbb4071e3d22190bc_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce883cbd3c83e2f11d533f6f55b103f9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ceedf086cd309e35737741bf3c85a0fa_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf1c4a4eaf066bee8ce184dd0501bde8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf426833234788a361c03e4572332d69_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cfcff2e4d0f8f65412778483bf43dc40_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d096021a74d5e890e184d58c12e134d8_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1476ffad31c9a7bf054f63d7f1fdc2d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1d56e0c9630f81997095e67a115bbc4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d312231b005b489e13c17529d171d322_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d38600662a5d3769039a54748400596f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d38bbb38cc683d84417ebf8d45d9239d_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d5399266f4e34bffc9604dcdf27b7be0_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d64a49c2316b77f093dab2b595377ede_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7459c69df65183b3cfc4030a0b6571f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7b581858bf6574e6f66a0ad73a41f67_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da8782e522991e8a447825f632315ece_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dcfd638437a2b2aca1099106855906e9_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd02cd0367f058be673f09db6c8bf933_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd7fe3ddfb5ce9d13f4eca552ea458a3_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddc613591c44c3792c56b3d9761fa7c2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddc7e61a08d8cdb568ebc0334d27b097_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df31e554328a05562a370c7226bbeeae_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e045afcbbd084bbde5a12083ae32c041_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e34e32778bc7441960eafda32c1c0a23_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4d12e6a43bd20d81bd0e8ca6464255f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6bc33c7dfe21387bb8553b70d97f972_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e93b41e92cfdfe93d552948af0e1680b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e94a71cf45ba88b19c5a3c4153143515_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea4709be9f8e9fd65b39987babbb09b4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea73c0c6573a299aefe8440a44fd5007_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee146d73f7d11060d3e6e2444cf79236_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee93b3d508fdd13e47ac95fd5f0a06c2_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eec8bb096058479309e018fffc748e70_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f09761d58a4aa6609ec026b4244334d4_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0a3325a4017ce461e76d630f70dc52a_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f25f2348f297a5f59475607a7ba6ceeb_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2eacbf8d77c2c6bbaab1c06abfbfc17_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3554b5dec4453b5d48539c59821e994_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f460fcfd7eda616cfeabfe9978844938_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4adddb8d6edae0554b4c4f00d06ed1f_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4e498683e8022d199ebcdd6e6080d46_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5bc735bca4256d66bc7255a2bf4ef84_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5c43a146426d62978095015d2b97a4e_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f655adf46ff6bb17637d8acde72d82e6_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f81b6054bace47bd91d610f3e74ca90b_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8f50a9e9d22b21fc6b01283b9e24d83_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa6c5ff150ef8ed194d8dc70cf117766_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa6e3f769831f732055118b3186a5231_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb03f863b81952b7de7e868f04fb628c_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb41da958e8bd8da3edd0f40140eb0f0_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb8694aedcfe022573c64f5642b95c83_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc271d01760a6a37fc22aeef58b19247_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc7f3425e26118022d45e93a421ee540_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe00a8f1fedf80c3ffa19de6af319476_020baebb-90a0-4a82-b7ab-ea7e6969d9ac Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10242006-221533.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\156A550F.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32770324.tmp Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D495862.tmp Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61BB5FEF.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C12986.tmp Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\707E58D4.tmp Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78F268BB.tmp Infected: Net-Worm.Win32.Mytob.dk skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0235F2DC-4787-4220-85B7-009CBF123AF3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS04B725A2-A122-45E7-939C-60572EF6544C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0822B45D-215E-4EAA-A0AA-7CF88F9FC4F8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS09892873-112C-4082-A87B-06784657D50C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0D3400B0-3384-4F9E-BDEA-02EAFA6495BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0DA8B8CE-3C32-4A73-B35E-18697140FF1B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS143413EB-7576-4E2F-87C4-B0101F4586D2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS174C78BD-7345-48CD-AA4A-2769018BE019.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1885E61F-6757-42B8-AB2B-74A93D58E5CA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A852A42-9145-4F1A-A68B-CB3F290514C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1C9E0728-B75F-400D-8D2E-297435D68435.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2077D1BF-0E34-4E07-91DB-549A25A733DC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS20A116E6-48E0-43CF-96D3-B3D68BC7FF05.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS217B30A4-C30C-4FFA-A8E0-72892AE5916D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS262E7948-1E92-4BE4-905D-510F48D1421F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS33AE5D69-B50E-47EF-8FC3-BBE0A9B5C29B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS38836AC6-B9CC-49A2-8846-9354D6EAD1A6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3CF21BB9-C923-44F7-A057-B85E06C10BF1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS41D6C676-C205-433D-B91B-D08F95809F10.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS43A40FED-1820-4D04-9F0F-0700AD90484D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4CF4FAF9-62D3-4E3E-AFA8-96A4F90AAA51.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4E8CDE2E-520A-44D4-B82F-93BF85A7884F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5327C6CC-39D9-49D2-B6D1-A12836779FB2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS57C050BA-6088-40E9-B900-A9E41742E81F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5A8E9F32-D956-46C5-9D33-54D48B15AEBC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5B6E2142-C927-4FC2-ACFD-54FC731BE1D3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5B92F7A0-A79B-4FAB-943A-8D24E28128BB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5BFCCFEC-89D7-4DB4-99E2-E3E8496378D1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5CD181DD-DCCB-4353-B1D7-89FA4AF67E5D.tmp Object is locked skipped
C:\Documents and S
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby SheppeyRed » May 30th, 2007, 5:45 pm

Had some fun with GMER.

Ran the program and it did it's scan succesfully. Had a problem when saving the scan results though. Ran a scan 3 times and each time I tried to save the scan by clicking on "Copy" within GMER to save it to the clipboard before opening up Notepad to paste it then save it and each time the PC crashed. It just hung and had to be reset. Even hitting control-alt-delete to get the Task Manager up to try and halt either GMER or Notepad wouldn't work.

Tried Wordpad and Word as well in case it was an issue with Notepad - PC still hung.

I'll give it another whirl tomorrow in case it was something I did which is more than likely! ;)
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby SheppeyRed » May 31st, 2007, 7:50 am

Success! Was able to run GMER and save the log to a text file.

Interestingly, looking at the Kaspersky scan that I posted yesterday, I see that the Norton AV quarantine files are still there despite my having uninstalled NAV when I bought AVG anti-virus a few months ago and that there's a dodgy file in Outlook Express's dbx file for my E-Bay folder. I normally delete any dodgy e-mails from E-Bay (you know the ones - they're always addressed to "Dear E-Bay member", etc rather than by name as genuine E-Bay e-mails do) but one has obviously slipped under the radar. I'll have a check the next time I open up OE.

Anyway, here's the GMER scan,

GMER scan log:-

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-31 11:15:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 8236FF30 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT 823A3368 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT 8236FFA8 ZwQueueApcThread
SSDT 8236FE40 ZwReadVirtualMemory
SSDT 823CF148 ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT 823A3200 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT 823A5710 ZwSetInformationKey
SSDT 823A3458 ZwSetInformationProcess
SSDT 823A3278 ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT 823A33E0 ZwSuspendProcess
SSDT 823A3188 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT 823A32F0 ZwTerminateThread
SSDT 8236FEB8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 6 Bytes [ F0, 01, 5B, F5, 80, 64 ]
.text ntoskrnl.exe!_abnormal_termination + 10B 804E2767 5 Bytes [ F5, B0, 66, 5B, F5 ]
? srescan.sys The system cannot find the file specified.
? C:\WINDOWS\System32\DRIVERS\update.sys
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 6 Bytes [ F0, 01, 5B, F5, 80, 64 ]
.text ntoskrnl.exe!_abnormal_termination + 10B 804E2767 5 Bytes [ F5, B0, 66, 5B, F5 ]

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3828] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ AB, FA, C3, 83 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 81CC6FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 8201AC68
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 81FD8EB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 81FF7C80
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 81E4F2A8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 81D6F180
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 820071C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 82012F80
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 82055FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 81FF4138
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 81D12FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 82003E70
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AF685A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 81FF1940
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 8205E1D0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 81E55DD8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 81E460A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 82395D98
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 81FE61B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 81FDAAD0
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 81E6FC88
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 82395360
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 81CEB330
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 81D33730
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 81CC6FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 8201AC68
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 81FD8EB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 81FF7C80
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 81E4F2A8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 81D6F180
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 820071C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 82012F80
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 82055FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 81FF4138
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 81D12FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 82003E70
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AF685A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 81FF1940
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 8205E1D0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 81E55DD8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 81E460A0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 82395D98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 81FE61B0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 81FDAAD0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 81E6FC88
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 82395360
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 81CEB330
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 81D33730
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 81CC6FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 8201AC68
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 81FD8EB0
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 81FF7C80
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 81E4F2A8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 81D6F180
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 820071C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 82012F80
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 82055FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 81FF4138
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 81D12FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 82003E70
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AF685A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 81FF1940
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 8205E1D0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 81E55DD8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 81E460A0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 82395D98
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 81FE61B0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 81FDAAD0
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 81E6FC88
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 82395360
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 81CEB330
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 81D33730
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 81CC6FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 8201AC68
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 81FD8EB0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 81FF7C80
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 81E4F2A8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 81D6F180
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 820071C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 82012F80
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 82055FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 81FF4138
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 81D12FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 82003E70
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AF685A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 81FF1940
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 8205E1D0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 81E55DD8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 81E460A0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 82395D98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 81FE61B0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 81FDAAD0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 81E6FC88
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 82395360
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 81CEB330
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 81D33730
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 81CC6FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 8201AC68
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 81FD8EB0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 81FF7C80
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 81E4F2A8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 81D6F180
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 820071C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 82012F80
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 82055FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 81FF4138
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 81D12FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 82003E70
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AF685A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 81FF1940
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 8205E1D0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F55C18A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 81E55DD8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 81E460A0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 82395D98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 81FE61B0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 81FDAAD0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 81E6FC88
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 82395360
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 81CEB330
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 81D33730
Device \Driver\SI3112r \Device\Scsi\SI3112r1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys
Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84C5A7C] sfsync04.sys

---- EOF - GMER 1.0.12 ----

Many thanks John,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby John B. » May 31st, 2007, 10:26 am

Hi,

Your computer seems to be completely clean from malware!

Lets run the Norton removal tool, which removes the leftovers of Norton (Norton is like malware, hard to remove), and I'll give you some possible solutions to your redirect problem.

You seem to have some leftovers from Norton AntiVirus so please download and run their tool:
http://service1.symantec.com/Support/ts ... enDocument

One solution to your problem with http://splitter.lbbhost.com/ can be your ISP. They may have set something wrong which redirects you.

A strange thing I found out, when I asked other helpers about your problem, was that some of the helpers also got to the wrong website. This may be due to their ISP...

Another thing one member said was this:

ndmmxiaomayi wrote:It might be the VPN...

In school, I have to use the VPN, and I can't access the site. At home, I can access the site without problems.


I don't know if you have to use that toolbar but it's good to delete it anyway:

NonSuch wrote:
LDTate wrote:I wouldn't want this on my PC.
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

http://toolbar.vmn.net/en/privacy.php


They almost manage to make it sound like they'll be doing you a favor by sending you spam. :shock:


So I think you'll have to consider deleting the VMN Toolbar, if you're allowed to and if you think it's worth doing it, and then see if you can view the website.

Please let me know.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Unread postby SheppeyRed » May 31st, 2007, 12:30 pm

Hi John,

OK, I ran the Norton removal tool and then deleted the Symantec folder on my HD.

I ran HijackThis again and deleted the VPN toolbar.

(As a matter of interest I had some issues with this toolbar when I installed IE7. It wouldn't let IE7 open a new tab when I clicked on a link. After taking advice I disabled this toolbar in Manage Add-Ons and IE7 worked just as it should do! :roll: )

The VPN toolbar now no longer appears in Manage Add-Ons since running and selecting the item and then clicking on Fix Checked in HijackThis so I'll assume it's safely deleted unless told otherwise! ;)

I went back and checked my E-Bay folder in Outlook Express and lo and behold there was an errant message addressed to "Dear E-Bay member" regarding a supposed "dispute" over a Toshiba TV. Funny seeing as how I've never owned a Toshiba TV let alone bought one off of E-Bay! :roll: ;)

And guess what? I still get redirected when clicking on http://splitter.lbbhost.com/ !

I had taken this to my ISP seeing as some people I know could access the Nutsplitters site proper but my ISP assured me it was a problem my end as the Tech Support rep I was dealing with said he was able to access the Nutsplitters site with no issue.

That's why I thought I might possibly have a browser hijacker despite all the precautions that I take when online.

Oh well.

Seeing as you've mentioned that it might possibly be linked to VPNs, I wonder if it has anything to do with the home network that I have set up seeing as I have this issue with http://splitter.lbbhost.com/ on my other two PCs as well?

Anyway, thanks for all your help so far John and if you are able to help me sort this out I would be immensely grateful. :D

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby John B. » June 2nd, 2007, 7:20 am

Hi,

You haven't removed VMN Toolbar the right way. I'll help you with it :)

Step 1: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java(TM) SE Runtime Environment 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Step 2: Delete VMN Toolbar
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    VMN Toolbar

Step 3: Check Apache and PGP configurations
A helper told me that you may have set something in wrong in the Apache/PGP configuration which can redirect you to the wrong website. I don't think you did but you can always double check. So please check the configuration of your Apache and PGP software.

Please tell me if you still have the problem, than I will ask the others again, and post a fresh HJT log.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Unread postby SheppeyRed » June 2nd, 2007, 8:43 am

Hi John,

Ok, I'm trying to do this but I'm having a hell of a time trying to uninstall Java 2 Runtime Environment SE v1.4.1_01. Basically - it won't uninstall! :(

I've tried removing using control panel's add/remove programs 4 times now. It says it's removed it but it's still there.
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby John B. » June 2nd, 2007, 12:21 pm

Hi,

Maybe rebooting helps, otherwise just remove all the other ones, reboot and install the new version.

John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Unread postby SheppeyRed » June 2nd, 2007, 1:23 pm

OK, did that with Java.

I decided to uninstall both Apache and PGP as I hadn't used either program in years as it turned out.

Had a devil of a job with PGP. The uninstaller didn't work at all - in fact it crashed my computer. I had to go into the registry - after consulting PGP Corporation's own support forum - and delete all references to PGP before deleting all the program's files.

Still it's gone now - I hope! ;)

Here's the HijackThis scan:-

HijackThis log file:-

Logfile of HijackThis v1.99.1
Scan saved at 18:16:41, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
F:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2651339911
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://D:\system\intralaunch.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... tNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/ ... veData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5721D8E-2409-47D8-A599-F75B929D908E}: NameServer = 192.168.2.1,4.2.2.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\System32\lexbces.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Many thanks John,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby John B. » June 2nd, 2007, 2:12 pm

So you still get redirected?
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Unread postby SheppeyRed » June 2nd, 2007, 2:32 pm

John B. wrote:So you still get redirected?


Oops. Forgot that little bit of info didn't I? :oops:

Yes, I still get redirected.

Many thanks John,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby John B. » June 4th, 2007, 6:58 am

Hi,

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/l ... areout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt. Also check if the problem is solved.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Unread postby SheppeyRed » June 4th, 2007, 7:39 am

Hi John,

OK, I ran FixWareout as you asked me to and will post the report after this but there's one thing I need to know before running the dnsflush command.

I have a wireless network so the DNS address on this PC is set to the IP address of my router on my LAN. The router did have it's Obtain DNS servers set to "Automatic from ISP" but I had changed it on the advice of my ISP when I took this issue to them and had entered a couple of IP addresses manually on their request. I have now changed it back to "Automatic from ISP"

Do I still need to run the dnsflush command at a cmd prompt?

Anyway, here are the 2 logs/reports you requested I post:-

HijackThis log:-

Logfile of HijackThis v1.99.1
Scan saved at 12:28:39, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
F:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2651339911
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://D:\system\intralaunch.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... tNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/ ... veData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5721D8E-2409-47D8-A599-F75B929D908E}: NameServer = 192.168.2.1,4.2.2.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\System32\lexbces.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

FixWareout report:-

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"C-Media Mixer"="Mixer.exe /startup"
"nwiz"="\"nwiz.exe\" /install"
"Omnipage"="\"C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe\""
"PCLEPCI"="C:\\PROGRA~1\\Pinnacle\\PPE\\ppe.exe"
"Gainward"="\"C:\\WINDOWS\\TBPanel.exe\" /A"
"CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
"SystemTray"="SysTray.Exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PinnacleDriverCheck"="\"C:\\WINDOWS\\System32\\PSDrvCheck.exe\" -CheckReg"
"Ad-Aware"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Plus\\Ad-Aware.exe\" +c"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"Matrox Powerdesk"="\"C:\\WINDOWS\\system32\\PDesk\\PDesk.exe\" /Autolaunch"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix /autoclose /waitstart"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SBAutoUpdate"="\"C:\\Program Files\\SpywareBlaster\\sbautoupdate.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PopUpStopperFreeEdition"="C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe"
"WMPNSCFG"="\"C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"Directory Opus Desktop Dblclk"="\"C:\\Program Files\\GPSoftware\\Directory Opus\\dopusrt.exe\" /dblclk"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Many thanks for your help,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top

Unread postby SheppeyRed » June 4th, 2007, 7:43 am

Oh, I did check to see if I was redirected even though I've only done half of the procedures you asked me to while I waited to see if I needed to do the other half due to my setup.

I was still redirected. :(

Many thanks John,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
Top
Advertisement
Register to Remove
PreviousNext
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 142 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index