Old 03-25-2008, 06:26 AM   #1 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Help removing f6.cookingluck.com

Hello! I removed most of the viruses my 9-year-old seemed to put on my computer, but need help with removing the f6.cookingluck.com.

Here is the dss scan. I will also attach the scans requested in the 5 step process.

Let me know if you need any other information!

Thanks for your help!

Deckard's System Scanner v20071014.68
Run by Admin on 2008-03-25 07:17:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-03-25 12:17:24 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-03-25 05:05:31 UTC - RP3 - Software Distribution Service 3.0
2: 2008-03-25 04:43:00 UTC - RP2 - Software Distribution Service 3.0
1: 2008-03-24 21:36:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:36 AM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.2:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O21 - SSODL: SrvWin - {96b0e33b-a91d-4f5d-bf73-fd87e5694579} - C:\WINDOWS\Installer\{96b0e33b-a91d-4f5d-bf73-fd87e5694579}\SrvWin.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6552 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080322-123310-283 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080322-123310-684 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080322-123341-813 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080322-123459-548 O3 - Toolbar: etlrlws - {6D0FE499-35D6-47C0-BE2E-5C90E34CDCD4} - C:\WINDOWS\etlrlws.dll
backup-20080322-123510-182 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080322-144153-905 O21 - SSODL: bokpkov - {B5A69B28-CC3C-404C-8DF2-7F7680E79ADC} - C:\WINDOWS\bokpkov.dll
backup-20080322-144154-866 O21 - SSODL: altvxvm - {98B5DC80-07F9-4D31-9FD1-439D5A07D056} - C:\WINDOWS\altvxvm.dll
backup-20080322-144234-288 O21 - SSODL: zip - {e50bd696-65d6-4126-afe5-886a934670ef} - C:\WINDOWS\Installer\{e50bd696-65d6-4126-afe5-886a934670ef}\zip.dll
backup-20080322-144234-788 O21 - SSODL: DrvAlrt - {fecd1ee3-0646-4b2d-a2c5-20b2149d0264} - C:\WINDOWS\Installer\{fecd1ee3-0646-4b2d-a2c5-20b2149d0264}\DrvAlrt.dll
backup-20080322-144306-367 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080322-144337-577 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080322-144442-541 O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
backup-20080322-144502-499 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
backup-20080322-144527-853 O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
backup-20080322-144620-157 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080322-144651-135 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080322-144742-208 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
backup-20080324-210712-420 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080324-210712-518 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080324-210712-590 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080324-210906-413 O2 - BHO: GNX Rolex - {766F2044-BB5A-4456-965F-E4CFD884CD2C} - C:\WINDOWS\drnpfdxsxp.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter>
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 ATHFMWDL (NETGEAR WG111T bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 catchme - c:\docume~1\admin\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-18 13:55:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-25 and 2008-03-25 -----------------------------

2008-03-24 23:23:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 23:20:58 0 d-------- C:\Program Files\SpywareBlaster
2008-03-24 21:24:43 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-22 21:15:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 15:27:13 3084 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-22 15:22:29 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-03-22 15:05:33 0 d-------- C:\Program Files\CCleaner
2008-03-22 13:52:52 0 d-------- C:\Program Files\Enigma Software Group
2008-03-22 12:27:50 0 d-------- C:\Documents and Settings\Admin\Application Data\U3
2008-03-20 22:20:40 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-20 21:03:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-20 21:03:18 0 d-------- C:\Program Files\Trend Micro
2008-03-19 18:55:08 0 -r-hs---- C:\Program Files\tmp3.exe
2008-03-19 18:55:03 0 -r-hs---- C:\Program Files\tmp2.exe
2008-03-19 18:55:00 98304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-19 18:54:58 0 -r-hs---- C:\Program Files\tmp1.exe
2008-03-19 18:54:53 0 -r-hs---- C:\Program Files\tmp0.exe
2008-03-18 19:36:45 0 d-------- C:\Program Files\Safari
2008-03-15 18:34:05 0 d-------- C:\Program Files\iPod
2008-03-15 18:33:48 0 d-------- C:\Program Files\iTunes
2008-03-15 18:32:17 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-03-24 22:22:54 0 d-------- C:\Program Files\FileZilla Client
2008-03-22 22:39:14 10 --a------ C:\WINDOWS\popcinfo.dat
2008-03-22 15:45:48 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 04:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 04:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 04:23 PM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [04/08/2005 08:37 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07/15/2004 02:07 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/01/2005 10:00 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [04/12/2007 05:58 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [3/24/2006 3:05:55 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/24/2006 3:08:15 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [4/17/2006 4:21:36 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvWin"= {96b0e33b-a91d-4f5d-bf73-fd87e5694579} - C:\WINDOWS\Installer\{96b0e33b-a91d-4f5d-bf73-fd87e5694579}\SrvWin.dll [03/19/2008 06:56 PM 14378]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7fb944-f835-11dc-8c61-00167622eac5}]
AutoRun\command- E:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8032 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-25 07:19:04 ------------
Attached Files
File Type: txt Activescan.txt (6.5 KB, 0 views)
File Type: txt extra.txt (15.8 KB, 0 views)
mmculp is offline  

Old 03-26-2008, 10:56 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Help removing f6.cookingluck.com

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Post that log in your next reply.

---------------------------------------------------------------------------------------------

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------


Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 03-30-2008, 11:42 AM   #3 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Re: Help removing f6.cookingluck.com

Thanks!!

Here is the Report.txt from SDFix:


SDFix: Version 1.164

Run by Admin on Sat 03/29/2008 at 04:53 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\Installer\{96b0e33b-a91d-4f5d-bf73-fd87e5694579}\SrvWin.dll - Deleted
C:\WINDOWS\fmsxwqs.exe - Deleted
C:\WINDOWS\INSTAL~1\{FECD1~1\DRVALRT.DLL - Deleted



Folder C:\WINDOWS\Installer\{96b0e33b-a91d-4f5d-bf73-fd87e5694579} - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 17:02:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"="C:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer"
"C:\\FrontPage Webs\\Server\\vhttpd32.exe"="C:\\FrontPage Webs\\Server\\vhttpd32.exe:*:Enabled:Microsoft FrontPage Personal Web Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 28 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 19 Mar 2008 23,154 ..SHR --- "C:\WINDOWS\Installer\{8533a820-a057-4c17-922b-dd57b4a232fb}\zip.dll"
Wed 19 Mar 2008 23,150 ..SHR --- "C:\WINDOWS\Installer\{e50bd696-65d6-4126-afe5-886a934670ef}\zip.dll"
Sun 28 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Wed 19 Mar 2008 16,768 A.SHR --- "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp"
Wed 19 Mar 2008 16,768 A.SHR --- "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27.tmp"
Wed 19 Mar 2008 16,768 A.SHR --- "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28.tmp"
Wed 19 Mar 2008 16,768 A.SHR --- "C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp"
Tue 25 Sep 2007 0 ...H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0005.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Admin\Application Data\U3\temp\Launchpad Removal.exe"
Wed 21 Feb 2007 2,996 A.SH. --- "C:\Documents and Settings\Admin\Application Data\Roxio\Dragon\DiscInfoCache\TEAC_____DW-552GA_________R4K5_300_DICV018_DRGV2050108.TMP"

Finished!



AND

here is the log from Malwarebytes:
Malwarebytes' Anti-Malware 1.09
Database version: 567

Scan type: Full Scan (C:\|)
Objects scanned: 99370
Time elapsed: 51 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bgkf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Let me know if there are any additional steps! Thanks so much - I really appreciate your help. I'm wondering why my PC-cillin isn't detecting these things?
mmculp is offline  
Old 03-30-2008, 12:13 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Help removing f6.cookingluck.com

Please run this online scan to help look for remnants.

First, go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------
tetonbob is offline  
Old 03-30-2008, 03:13 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Re: Help removing f6.cookingluck.com

Here is the Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 30, 2008 4:10:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/03/2008
Kaspersky Anti-Virus database records: 673464
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 74806
Number of viruses found: 6
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 01:13:43

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012008033020080331\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF1DA8.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\My Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Admin\My Documents\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Admin\My Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e10f447e4b0d0d4c16632f7b5121fcc3_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e27bbda58722f7942ee32a615af3b13b_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e386835ad556bc0eb5b990cc228739c2_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4a9bb385508b6959ecdb2dc4b8f760c_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e51cfca1d2af130db2ec3012e929567a_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e58b0a85d187b05441a8b2b72ea6cd17_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e844a309ff9d59f3ac57bc673d3d5c02_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea6e3d6caf0e426490912f4a2106509b_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea89eb03b5a0ac115848240a363c42ca_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb084fa3ea84026d912ae602c33064a3_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb9bea63fb8b78879fab7b3e2c970614_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef427ad5e674a2efbd4c5403e7cab2c6_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef955083206ed03ced96b03fe79c8f1b_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2ba1421340be58673b7dd04761f3b7c_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2df149607347abf08e7e2ae22cd0557_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f369c8a72a26b860e22f4c2ca98e3d9d_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6a918233ee4d53731e69b7d86459090_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7cd70324e3c67de8fc9834a3e983990_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f92c1172ae68e901f12930551a30e19f_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa6272ac04c600bae2d6700951630716_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\faab1e6b6e18b2572137987053539f4b_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe2b325b45d0c975e5118b6daab4dbfa_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff7a39b6b0e2759c6ca81addff5c41d8_c70dd5f2-4f14-4c98-8fdc-d2303652dda9 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12.tmp Infected: EICAR-Test-File skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5F.tmp Infected: EICAR-Test-File skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\60.tmp Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\61.tmp Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\62.tmp Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\SDFix\backups\backups.zip/backups/DrvAlrt.dll Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\SDFix\backups\backups.zip/backups/fmsxwqs.exe Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\SDFix\backups\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP3\A0000304.exe Object is locked skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP4\A0000341.exe Object is locked skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP8\A0000358.dll Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP8\A0000359.exe Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP8\A0000365.dll Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP8\A0000366.exe Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped

Scan process completed.
mmculp is offline  
Old 03-30-2008, 03:32 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Help removing f6.cookingluck.com

Some of the items found by Kaspersky are in Trend's quarantine folder. They are safe there, but you may want to remove them finally from within the application interface. As to why it did not find everything, some of what you had is not specifically a virus, and so possibly not covered by its definitions.

Your logs appear clean. You should be good to go. We still have a few items to address.

Please download OTCleanIt and save it to desktop. This will remove tools we've used, backups and their logs.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Clear & Reset System Restore's Cache
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  • FIREWALL
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
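The reasoning in the reply above (detections sitting in the antivirus quarantine, in a cleanup tool's backups or in the System Restore cache are not running files), as an added example that is not part of the original thread: a Python sketch that sorts scan-log lines of this shape by where each detection sits. The category names, the location rules and the `C:\WINDOWS\system32\example.dll` line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Lines in the "path  verdict  skipped" shape of the log in this thread.
# The system32\example.dll detection is constructed to show the "live" case.
SAMPLE_LOG = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12.tmp Infected: EICAR-Test-File skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\SDFix\backups\backups.zip/backups/DrvAlrt.dll Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\SDFix\backups\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{0094C839-93B3-47F6-A749-3A34C7CEC6B3}\RP8\A0000359.exe Infected: not-a-virus:AdWare.Win32.Vapsup.cui skipped
C:\WINDOWS\system32\example.dll Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+) Object is locked skipped$")
# Archive summary line; its members are already reported one by one.
CONTAINER = re.compile(r"^(?P<path>.+?) [A-Z]+: infected - (?P<count>\d+) skipped$")

# First match wins. These rules are assumptions based on the paths seen in
# this thread; extend them for other products and tools.
LOCATION_RULES = [
    ("av_quarantine", re.compile(r"\\quarantine\\", re.I)),
    ("system_restore_cache",
     re.compile(r"\\system volume information\\_restore\{", re.I)),
    ("tool_backup", re.compile(r"^[a-z]:\\sdfix\\backups\\", re.I)),
]

def classify_location(path):
    """Return the storage category a detected file sits in."""
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "live"  # anywhere else: an ordinary file that still needs handling

def triage(log_text):
    """Split a scan log into locked files, archive summaries and detections."""
    report = {"locked": 0, "containers": [], "unparsed": [],
              "detections": defaultdict(list)}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := INFECTED.match(line)):
            where = classify_location(m["path"])
            report["detections"][where].append((m["path"], m["name"]))
        elif (m := CONTAINER.match(line)):
            report["containers"].append((m["path"], int(m["count"])))
        elif LOCKED.match(line):
            report["locked"] += 1  # file in use by Windows, not a detection
        else:
            report["unparsed"].append(line)
    return report

def needs_attention(report):
    """Detections outside quarantine, tool backups and the restore cache."""
    return report["detections"].get("live", [])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for where, items in sorted(result["detections"].items()):
        print(f"{where}: {len(items)}")
    print("locked (ignored):", result["locked"])
    print("needs attention:", needs_attention(result))
```

Run against the log posted in this thread, every `Infected:` line falls into one of the three storage categories, which matches the helper's reading that the logs are clean.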
Old 03-30-2008, 04:02 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Re: Help removing f6.cookingluck.com

Done. Thanks. Should I worry about the fact that on the address bar where there is usually a little icon next to the url address, for msn it looks like a red bug instead of the usual icon?
mmculp is offline  
Old 03-30-2008, 04:56 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 5
OS: XP


Re: Help removing f6.cookingluck.com

Never mind that last post; when I rebooted, the icon went back to normal.

Again, thanks so much for your help!
mmculp is offline  
Old 03-30-2008, 06:10 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Help removing f6.cookingluck.com

Glad to hear all is well. You're welcome for the help.

Surf safely!
tetonbob is offline  
 



All times are GMT -7. The time now is 02:22 AM.



Copyright 2001 - 2009, Tech Support Forum