1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

slow boot, lots popups, cannot remove some files

Discussion in 'Malware and Virus Removal Archive' started by MitchellCooley, 2008/02/12.

Page 1 of 2
  1. 2008/02/12
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    A coworker brought me his friends computer to "fix ". It was unprotected and severely infected. installed and ran ATF Cleaner, SpybotS&D, and Adaware. Then the computer stopped seeing my flash drive so couldn't install AVGFree (yet).

    Was able to clean most of the malware, spyware, etc but Spybot and AdAware both found files they could not delete.

    This system appears to have XP Home and Pro installed. Using the Pro boot, has SP2 and current updates.

    Please advise

    Mitch

    Decard Main Text is as follows:

    Deckard's System Scanner v20071014.68
    Run by Lea on 2008-02-12 01:16:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lea.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:16:23 AM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\WNSXS~1\regsvr32.exe
    C:\WINDOWS\system32\??stem32\chkntfs.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Lea\Desktop\dss.exe
    C:\DOCUME~1\Lea\Desktop\Lea.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {009c5425-571a-44ef-b045-0f15b4ffefe5} - C:\WINDOWS\system32\ihiapnk.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1616CBC1-2554-5CDD-5114-5A00C9BED8CF} - C:\WINDOWS\system32\xrae.dll
    O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - rtypiclor.dll (file missing)
    O2 - BHO: (no name) - {3ADAB00F-DD07-4D76-8737-8E9C2FC25DC7} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {665387E3-2BCF-4285-8C55-D98F0C8B3955} - C:\WINDOWS\system32\atmt.dll
    O2 - BHO: {7886b896-97e1-9fe8-49f4-d7cd65492078} - {87029456-dc7d-4f94-8ef9-1e79698b6887} - C:\WINDOWS\system32\mbunvdgw.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\uhawhhox.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: (no name) - {CC9EECE5-C5CF-4998-889D-30755AF0C73F} - C:\WINDOWS\system32\jkkjj.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\qomlkki.dll
    O2 - BHO: 0 - {E93EBC02-AFBF-4192-E4A2-EA46084A461C} - C:\Program Files\Windows Media Player\rylitypa936.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [10bedf5d] rundll32.exe "C:\WINDOWS\system32\nrkkmrtx.dll ",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sauo] "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Vlzcu] C:\WINDOWS\system32\??stem32\chkntfs.exe
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: qomlkki - C:\WINDOWS\SYSTEM32\qomlkki.dll
    O20 - Winlogon Notify: uhawhhox - C:\WINDOWS\SYSTEM32\uhawhhox.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\virtojujo.html

    --
    End of file - 6314 bytes

    -- Files created between 2008-01-12 and 2008-02-12 -----------------------------

    2008-02-12 01:01:39 0 d-------- C:\WINDOWS\LastGood
    2008-02-12 00:46:10 0 d-------- C:\Program Files\Lavasoft
    2008-02-12 00:46:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-02-12 00:45:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-11 23:47:21 86080 --a------ C:\WINDOWS\system32\nrkkmrtx.dll
    2008-02-11 23:47:15 93248 --a------ C:\WINDOWS\system32\mbunvdgw.dll
    2008-02-11 23:44:19 163904 --a------ C:\WINDOWS\system32\uhawhhox.dll
    2008-02-11 23:44:14 163904 --a------ C:\WINDOWS\system32\gwlmyfnv.dll
    2008-02-11 23:17:13 304797 --ahs---- C:\WINDOWS\system32\jjkkj.ini2
    2008-02-11 23:17:03 334336 --a------ C:\WINDOWS\system32\jkkjj.dll
    2008-02-11 19:38:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-02-11 19:05:41 93248 --a------ C:\WINDOWS\system32\ywwnlxre.dll
    2008-02-08 14:50:37 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Google
    2008-02-08 14:50:36 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
    2008-02-07 19:50:51 95808 --a------ C:\WINDOWS\system32\mfwxhbju.dll
    2008-02-07 19:47:14 60928 --a------ C:\WINDOWS\system32\xrae.dll
    2008-02-06 16:27:37 19584 --a------ C:\WINDOWS\system32\drivers\bgkysbgm.dat
    2008-02-06 16:22:42 1 --a------ C:\WINDOWS\system32\rc.dat
    2008-02-06 16:22:42 1 --a------ C:\WINDOWS\system32\ps1.dat
    2008-02-06 16:17:04 50176 --a------ C:\WINDOWS\system32\rtypiclor.dll <Not Verified; Microsoft; Jop>
    2008-02-06 16:16:51 50176 --a------ C:\WINDOWS\system32\ssymman.dll <Not Verified; Microsoft; Jop>
    2008-02-06 16:15:11 84992 --a------ C:\WINDOWS\system32\atmt.dll
    2008-02-06 11:38:09 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Google
    2008-02-06 11:38:01 0 dr------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
    2008-02-06 07:32:12 92224 --a------ C:\WINDOWS\system32\fuoynvye.dll
    2008-02-06 07:32:09 163904 --a------ C:\WINDOWS\system32\wnhsknjl.dll
    2008-02-06 07:31:22 299981 --ahs---- C:\WINDOWS\system32\hjllm.ini2
    2008-02-06 07:29:54 0 d-------- C:\Program Files\Temporary
    2008-02-06 07:29:54 0 d-------- C:\Program Files\Drmupgds
    2008-02-06 07:29:46 40960 --a------ C:\WINDOWS\system32\ljjjgge.dll
    2008-02-06 07:27:12 40960 --a------ C:\WINDOWS\system32\tuvtqol.dll
    2008-02-06 07:26:34 36864 -ra------ C:\WINDOWS\mrofinu572.exe
    2008-02-06 07:26:32 0 d--hs---- C:\WINDOWS\TGVh
    2008-02-06 07:26:31 0 d-------- C:\WINDOWS\system32\??stem32
    2008-02-06 07:26:24 171520 --a------ C:\WINDOWS\system32\ihiapnk.dll
    2008-02-06 07:26:21 0 d-------- C:\WINDOWS\system32\z6
    2008-02-06 07:26:21 0 d-------- C:\WINDOWS\system32\p4
    2008-02-06 07:26:21 0 d-------- C:\WINDOWS\system32\m1
    2008-02-06 07:26:16 0 d-------- C:\WINDOWS\system32\W?nSxS
    2008-02-06 07:26:14 0 d-------- C:\WINDOWS\system32\nGpxx01
    2008-02-06 07:26:13 40960 --a------ C:\WINDOWS\system32\qomlkki.dll
    2008-02-06 07:26:13 0 d-------- C:\Temp
    2008-02-04 08:13:36 54272 --a------ C:\WINDOWS\b122.exe
    2008-02-03 20:43:42 0 d-------- C:\Documents and Settings\Lea\Application Data\HP
    2008-02-03 20:43:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    2008-02-03 20:33:04 11634 --a------ C:\WINDOWS\hpomdl11.dat
    2008-02-03 19:28:07 117144 --a------ C:\WINDOWS\hpoins11.dat
    2008-02-03 19:27:41 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll <Not Verified; Hewlett Packard Company; HPJZSN01 Dynamic Link Library>
    2008-02-02 19:30:58 0 d-------- C:\Documents and Settings\Lea\Application Data\Google
    2008-02-02 19:30:22 0 d-------- C:\Documents and Settings\Lea\Application Data\CyberLink
    2008-02-02 19:30:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
    2008-02-02 16:12:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
    2008-02-02 15:51:29 0 d-------- C:\Documents and Settings\Lea\Application Data\Macromedia
    2008-02-02 15:45:13 0 d---s---- C:\Documents and Settings\Lea\UserData
    2008-02-02 14:56:53 0 d-------- C:\Program Files\Modem Assistant
    2008-02-02 14:56:28 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
    2008-02-02 14:56:26 0 d-------- C:\Drivers
    2008-02-02 14:15:04 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-02-02 14:05:56 0 d-------- C:\Program Files\Symantec
    2008-02-02 14:05:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
    2008-02-02 14:01:32 0 d-------- C:\NISSetup
    2008-02-02 13:54:25 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-02-02 13:51:39 0 d-------- C:\Documents and Settings\Lea\Application Data\Ahead
    2008-02-02 13:50:18 0 d-------- C:\Program Files\Nero
    2008-02-02 13:50:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-02-02 13:47:21 0 d-------- C:\MyWorks
    2008-02-02 11:47:18 0 d-------- C:\WINDOWS\system32\Viewers
    2008-02-02 11:47:02 0 d-------- C:\WINDOWS\ShellNew
    2008-02-02 11:46:10 0 d-------- C:\WINDOWS\Twain32
    2008-02-02 11:46:10 0 d-------- C:\Documents and Settings\Lea\Application Data\Microsoft Web Folders
    2008-02-02 10:48:08 0 d-------- C:\Documents and Settings\Lea\Application Data\Adobe
    2008-02-02 10:47:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2008-02-02 10:45:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
    2008-02-02 10:45:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
    2008-02-02 10:43:51 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu
    2008-02-02 10:42:59 0 d-------- C:\WINDOWS\Prefetch
    2008-02-02 10:34:07 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-02-02 10:28:48 0 d-------- C:\WINDOWS\EHome
    2008-02-02 10:20:01 0 d-------- C:\Documents and Settings\Lea\Application Data\Identities
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\Templates
    2008-02-02 10:19:51 0 dr------- C:\Documents and Settings\Lea\Start Menu
    2008-02-02 10:19:51 0 dr-h----- C:\Documents and Settings\Lea\SendTo
    2008-02-02 10:19:51 0 dr-h----- C:\Documents and Settings\Lea\Recent
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\PrintHood
    2008-02-02 10:19:51 2359296 --ah----- C:\Documents and Settings\Lea\NTUSER.DAT
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\NetHood
    2008-02-02 10:19:51 0 dr------- C:\Documents and Settings\Lea\My Documents
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\Local Settings
    2008-02-02 10:19:51 0 dr------- C:\Documents and Settings\Lea\Favorites
    2008-02-02 10:19:51 0 d-------- C:\Documents and Settings\Lea\Desktop
    2008-02-02 10:19:51 0 d---s---- C:\Documents and Settings\Lea\Cookies
    2008-02-02 10:19:51 0 dr-h----- C:\Documents and Settings\Lea\Application Data
    2008-02-02 10:10:07 786432 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
    2008-02-02 10:10:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
    2008-02-02 10:10:07 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
    2008-02-02 10:10:07 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
    2008-02-02 10:10:07 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
    2008-02-02 10:10:06 786432 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
    2008-02-02 10:10:06 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
    2008-02-02 10:10:06 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
    2008-02-02 10:10:06 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
    2008-02-02 10:10:06 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
    2008-02-02 10:05:53 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
    2008-02-02 10:04:42 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2008-02-02 10:02:36 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-02-02 10:02:10 0 d--h----- C:\Program Files\WindowsUpdate
    2008-02-02 01:13:58 0 d-------- C:\Program Files\Common Files\ODBC
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
    2008-02-02 01:13:36 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
    2008-02-02 01:13:36 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
    2008-02-02 01:13:36 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
    2008-02-02 01:13:36 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
    2008-02-02 01:13:36 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
    2008-02-02 01:13:35 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
    2008-02-02 01:13:35 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
    2008-02-02 01:13:18 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
    2008-02-02 01:13:18 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
    2008-02-02 01:13:17 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
    2008-02-02 01:13:17 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2008-01-18 17:42:10 0 d-------- C:\Program Files\Advanced Registry Optimizer
    2008-01-12 11:02:45 0 d-------- C:\23e476e199b0e571b937e43c


    -- Find3M Report ---------------------------------------------------------------

    2008-02-12 00:45:36 0 d-------- C:\Program Files\Common Files
    2008-02-03 18:53:02 0 d-------- C:\Program Files\HP
    2008-02-02 16:12:14 0 d-------- C:\Program Files\Google
    2008-02-02 15:59:42 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-02 14:09:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-02 13:53:13 0 d-------- C:\Program Files\Common Files\Ahead
    2008-02-02 13:48:03 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-02 13:47:32 0 d-------- C:\Program Files\CyberLink
    2008-02-02 11:46:02 0 d-------- C:\Program Files\microsoft frontpage
    2008-02-02 10:33:56 0 d-------- C:\Program Files\Movie Maker
    2008-02-02 10:33:46 0 d-------- C:\Program Files\Windows NT
    2008-02-02 01:13:35 62 --ahs---- C:\Documents and Settings\Lea\Application Data\desktop.ini
    2007-12-16 12:14:22 0 d-------- C:\Program Files\AIM6


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{009c5425-571a-44ef-b045-0f15b4ffefe5}]
    02/06/2008 07:26 AM 171520 --a------ C:\WINDOWS\system32\ihiapnk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1616CBC1-2554-5CDD-5114-5A00C9BED8CF}]
    01/28/2008 08:29 AM 60928 --a------ C:\WINDOWS\system32\xrae.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221BBF54-3327-4548-9006-84385B1A5840}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADAB00F-DD07-4D76-8737-8E9C2FC25DC7}]
    C:\WINDOWS\system32\mlljh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{665387E3-2BCF-4285-8C55-D98F0C8B3955}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87029456-dc7d-4f94-8ef9-1e79698b6887}]
    02/11/2008 11:47 PM 93248 --a------ C:\WINDOWS\system32\mbunvdgw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    02/11/2008 11:44 PM 163904 --a------ C:\WINDOWS\system32\uhawhhox.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC9EECE5-C5CF-4998-889D-30755AF0C73F}]
    02/11/2008 11:17 PM 334336 --a------ C:\WINDOWS\system32\jkkjj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
    02/06/2008 07:26 AM 40960 --a------ C:\WINDOWS\system32\qomlkki.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E93EBC02-AFBF-4192-E4A2-EA46084A461C}]
    C:\Program Files\Windows Media Player\rylitypa936.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [02/12/2007 12:23 PM]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [02/12/2007 12:19 PM]
    "SunKistEM "= "C:\Program Files\Digital Media Reader\shwiconem.exe" [10/18/2004 02:05 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 12:41 AM]
    "UserFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -u" []
    "10bedf5d "= "C:\WINDOWS\system32\nrkkmrtx.dll" [02/11/2008 11:47 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/11/2008 07:04 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
    "Sauo "= "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" [02/06/2008 07:26 AM]
    "Vlzcu "= "C:\WINDOWS\system32\??stem32\chkntfs.exe" [01/28/2008 08:29 AM]
    "Drmupgds "= "C:\Program Files\Drmupgds\Drmupgds.exe" [02/06/2008 07:29 AM]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 12:05:56 PM]
    Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [12/23/1998 1:51:54 PM]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows Media Player\virtojujo.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E180F496-8A4B-44E2-9FE0-0364E345DB7F} "= C:\WINDOWS\system32\qomlkki.dll [02/06/2008 07:26 AM 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlkki]
    qomlkki.dll 02/06/2008 07:26 AM 40960 C:\WINDOWS\system32\qomlkki.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uhawhhox]
    uhawhhox.dll 02/11/2008 11:44 PM 163904 C:\WINDOWS\system32\uhawhhox.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\jkkjj.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-02-12 01:17:48 ------------
     
    MitchellCooley,
    #1
  2. 2008/02/12
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Update - What I have so far

    Finally got avg installed. It found several infected files and moved most of them to the vault. There are two, however, which keep coming back "atmt" and "!update.exe ". Every time I "move to vault" or "heal" I can't use explorer; the system just reboots.

    Will report back with more.

    Mitch
     
    MitchellCooley,
    #2


  3. to hide this advert.

  4. 2008/02/12
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    New Deckard's Report

    I am at the point where SpyBot and Adaware find no problems. I believe I have done all I can do on my own.

    I could run SDFix, and ComboFix using instructions in other threads....but I prefer supervision.

    I will check back later

    Mitch

    The new Deckard's File follows:

    Deckard's System Scanner v20071014.68
    Run by Lea on 2008-02-12 12:19:15
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lea.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:23 PM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\??stem32\chkntfs.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Lea\Desktop\dss.exe
    C:\DOCUME~1\Lea\Desktop\Lea.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1616CBC1-2554-5CDD-5114-5A00C9BED8CF} - C:\WINDOWS\system32\xrae.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {665387E3-2BCF-4285-8C55-D98F0C8B3955} - C:\WINDOWS\system32\atmt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Vlzcu] C:\WINDOWS\system32\??stem32\chkntfs.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\virtojujo.html

    --
    End of file - 6739 bytes

    -- Files created between 2008-01-12 and 2008-02-12 -----------------------------

    2008-02-12 09:49:26 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-02-12 09:49:25 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-02-12 09:49:25 6550 --a------ C:\WINDOWS\jautoexp.dat
    2008-02-12 09:49:21 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-02-12 09:49:21 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-02-12 02:40:55 0 d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Application Data\Adobe
    2008-02-12 02:18:20 0 d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Application Data\AVG7
    2008-02-12 02:16:12 0 d--h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Templates
    2008-02-12 02:16:12 0 dr------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Start Menu
    2008-02-12 02:16:12 0 dr-h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\SendTo
    2008-02-12 02:16:12 0 d--h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Recent
    2008-02-12 02:16:12 0 d--h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\PrintHood
    2008-02-12 02:16:12 0 d--h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\NetHood
    2008-02-12 02:16:12 0 d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\My Documents
    2008-02-12 02:16:12 0 d--h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Local Settings
    2008-02-12 02:16:12 0 d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Favorites
    2008-02-12 02:16:12 0 d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Desktop
    2008-02-12 02:16:12 0 d---s---- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Cookies
    2008-02-12 02:16:12 0 dr-h----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Application Data
    2008-02-12 02:16:12 0 d---s---- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Application Data\Microsoft
    2008-02-12 02:16:11 1835008 --ah----- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\NTUSER.DAT
    2008-02-12 02:03:06 26096 --a------ C:\WINDOWS\system32\vtuvtrq.dll
    2008-02-12 02:03:01 26096 --a------ C:\WINDOWS\system32\opnommm.dll
    2008-02-12 01:55:26 0 d-------- C:\Documents and Settings\Lea\Application Data\AVG7
    2008-02-12 01:55:09 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2008-02-12 01:54:53 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-02-12 01:54:53 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2008-02-12 00:46:10 0 d-------- C:\Program Files\Lavasoft
    2008-02-12 00:46:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-02-12 00:45:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-11 23:17:13 307945 --ahs---- C:\WINDOWS\system32\jjkkj.ini2
    2008-02-11 19:38:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-02-08 14:50:37 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Google
    2008-02-08 14:50:36 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
    2008-02-07 19:47:14 60928 --a------ C:\WINDOWS\system32\xrae.dll
    2008-02-06 16:27:37 19584 --a------ C:\WINDOWS\system32\drivers\bgkysbgm.dat
    2008-02-06 16:22:42 1 --a------ C:\WINDOWS\system32\rc.dat
    2008-02-06 16:22:42 1 --a------ C:\WINDOWS\system32\ps1.dat
    2008-02-06 16:15:11 84992 --a------ C:\WINDOWS\system32\atmt.dll
    2008-02-06 11:38:09 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Google
    2008-02-06 11:38:01 0 dr------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
    2008-02-06 07:31:22 299981 --ahs---- C:\WINDOWS\system32\hjllm.ini2
    2008-02-06 07:29:54 0 d-------- C:\Program Files\Temporary
    2008-02-06 07:29:54 0 d-------- C:\Program Files\Drmupgds
    2008-02-06 07:26:32 0 d--hs---- C:\WINDOWS\TGVh
    2008-02-06 07:26:31 0 d-------- C:\WINDOWS\system32\??stem32
    2008-02-06 07:26:21 0 d-------- C:\WINDOWS\system32\z6
    2008-02-06 07:26:21 0 d-------- C:\WINDOWS\system32\p4
    2008-02-06 07:26:21 0 d-------- C:\WINDOWS\system32\m1
    2008-02-06 07:26:16 0 d-------- C:\WINDOWS\system32\W?nSxS
    2008-02-06 07:26:14 0 d-------- C:\WINDOWS\system32\nGpxx01
    2008-02-06 07:26:13 0 d-------- C:\Temp
    2008-02-03 20:43:42 0 d-------- C:\Documents and Settings\Lea\Application Data\HP
    2008-02-03 20:43:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    2008-02-03 20:33:04 11634 --a------ C:\WINDOWS\hpomdl11.dat
    2008-02-03 19:28:07 117144 --a------ C:\WINDOWS\hpoins11.dat
    2008-02-03 19:27:41 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll <Not Verified; Hewlett Packard Company; HPJZSN01 Dynamic Link Library>
    2008-02-02 19:30:58 0 d-------- C:\Documents and Settings\Lea\Application Data\Google
    2008-02-02 19:30:22 0 d-------- C:\Documents and Settings\Lea\Application Data\CyberLink
    2008-02-02 19:30:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
    2008-02-02 16:12:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
    2008-02-02 15:51:29 0 d-------- C:\Documents and Settings\Lea\Application Data\Macromedia
    2008-02-02 15:45:13 0 d---s---- C:\Documents and Settings\Lea\UserData
    2008-02-02 14:56:53 0 d-------- C:\Program Files\Modem Assistant
    2008-02-02 14:56:28 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
    2008-02-02 14:56:26 0 d-------- C:\Drivers
    2008-02-02 14:15:04 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-02-02 14:05:56 0 d-------- C:\Program Files\Symantec
    2008-02-02 14:05:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
    2008-02-02 14:01:32 0 d-------- C:\NISSetup
    2008-02-02 13:54:25 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-02-02 13:51:39 0 d-------- C:\Documents and Settings\Lea\Application Data\Ahead
    2008-02-02 13:50:18 0 d-------- C:\Program Files\Nero
    2008-02-02 13:50:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-02-02 13:47:21 0 d-------- C:\MyWorks
    2008-02-02 11:47:18 0 d-------- C:\WINDOWS\system32\Viewers
    2008-02-02 11:47:02 0 d-------- C:\WINDOWS\ShellNew
    2008-02-02 11:46:10 0 d-------- C:\WINDOWS\Twain32
    2008-02-02 11:46:10 0 d-------- C:\Documents and Settings\Lea\Application Data\Microsoft Web Folders
    2008-02-02 10:48:08 0 d-------- C:\Documents and Settings\Lea\Application Data\Adobe
    2008-02-02 10:47:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2008-02-02 10:45:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
    2008-02-02 10:45:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
    2008-02-02 10:43:51 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu
    2008-02-02 10:42:59 0 d-------- C:\WINDOWS\Prefetch
    2008-02-02 10:34:07 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-02-02 10:28:48 0 d-------- C:\WINDOWS\EHome
    2008-02-02 10:20:01 0 d-------- C:\Documents and Settings\Lea\Application Data\Identities
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\Templates
    2008-02-02 10:19:51 0 dr------- C:\Documents and Settings\Lea\Start Menu
    2008-02-02 10:19:51 0 dr-h----- C:\Documents and Settings\Lea\SendTo
    2008-02-02 10:19:51 0 dr-h----- C:\Documents and Settings\Lea\Recent
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\PrintHood
    2008-02-02 10:19:51 2621440 --ah----- C:\Documents and Settings\Lea\NTUSER.DAT
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\NetHood
    2008-02-02 10:19:51 0 dr------- C:\Documents and Settings\Lea\My Documents
    2008-02-02 10:19:51 0 d--h----- C:\Documents and Settings\Lea\Local Settings
    2008-02-02 10:19:51 0 dr------- C:\Documents and Settings\Lea\Favorites
    2008-02-02 10:19:51 0 d-------- C:\Documents and Settings\Lea\Desktop
    2008-02-02 10:19:51 0 d--hs---- C:\Documents and Settings\Lea\Cookies
    2008-02-02 10:19:51 0 dr-h----- C:\Documents and Settings\Lea\Application Data
    2008-02-02 10:10:07 786432 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
    2008-02-02 10:10:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
    2008-02-02 10:10:07 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
    2008-02-02 10:10:07 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
    2008-02-02 10:10:07 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
    2008-02-02 10:10:06 786432 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
    2008-02-02 10:10:06 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
    2008-02-02 10:10:06 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
    2008-02-02 10:10:06 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
    2008-02-02 10:10:06 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
    2008-02-02 10:05:53 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
    2008-02-02 10:04:42 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2008-02-02 10:02:36 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-02-02 10:02:10 0 d--h----- C:\Program Files\WindowsUpdate
    2008-02-02 01:13:58 0 d-------- C:\Program Files\Common Files\ODBC
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
    2008-02-02 01:13:36 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
    2008-02-02 01:13:36 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
    2008-02-02 01:13:36 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
    2008-02-02 01:13:36 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
    2008-02-02 01:13:36 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
    2008-02-02 01:13:36 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2008-02-02 01:13:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
    2008-02-02 01:13:35 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
    2008-02-02 01:13:35 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
    2008-02-02 01:13:18 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
    2008-02-02 01:13:18 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
    2008-02-02 01:13:17 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
    2008-02-02 01:13:17 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2008-01-18 17:42:10 0 d-------- C:\Program Files\Advanced Registry Optimizer
    2008-01-12 11:02:45 0 d-------- C:\23e476e199b0e571b937e43c


    -- Find3M Report ---------------------------------------------------------------

    2008-02-12 00:45:36 0 d-------- C:\Program Files\Common Files
    2008-02-03 18:53:02 0 d-------- C:\Program Files\HP
    2008-02-02 16:12:14 0 d-------- C:\Program Files\Google
    2008-02-02 15:59:42 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-02 14:09:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-02 13:53:13 0 d-------- C:\Program Files\Common Files\Ahead
    2008-02-02 13:48:03 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-02 13:47:32 0 d-------- C:\Program Files\CyberLink
    2008-02-02 11:46:02 0 d-------- C:\Program Files\microsoft frontpage
    2008-02-02 10:33:56 0 d-------- C:\Program Files\Movie Maker
    2008-02-02 10:33:46 0 d-------- C:\Program Files\Windows NT
    2008-02-02 01:13:35 62 --ahs---- C:\Documents and Settings\Lea\Application Data\desktop.ini
    2007-12-16 12:14:22 0 d-------- C:\Program Files\AIM6


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1616CBC1-2554-5CDD-5114-5A00C9BED8CF}]
    01/28/2008 08:29 AM 60928 --a------ C:\WINDOWS\system32\xrae.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{665387E3-2BCF-4285-8C55-D98F0C8B3955}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [02/12/2007 12:23 PM]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [02/12/2007 12:19 PM]
    "SunKistEM "= "C:\Program Files\Digital Media Reader\shwiconem.exe" [10/18/2004 02:05 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 12:41 AM]
    "UserFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -u" []
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/23/2007 07:10 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/11/2008 07:04 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
    "Vlzcu "= "C:\WINDOWS\system32\??stem32\chkntfs.exe" [01/28/2008 08:29 AM]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 12:05:56 PM]
    Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [12/23/1998 1:51:54 PM]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows Media Player\virtojujo.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\jkkjj.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-02-12 12:20:41 ------------
     
    Last edited: 2008/02/12
    MitchellCooley,
    #3
  5. 2008/02/12
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Panda Active Scan Report

    Incident Status Location

    Adware:Adware/AVSystemCare Not disinfected C:\Deckard\System Scanner\20080212000730\backup\DOCUME~1\Lea\LOCALS~1\Temp\winvsnet.exe
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Lea\Local Settings\Temp\!update.exe
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Lea\Local Settings\Temporary Internet Files\Content.IE5\GHEVG92B\!update-4495[1].0000
    Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d292d92-12ff9887.zip[BnnnnBaa.class]
    Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d292d92-12ff9887.zip[VaannnaaBaa.class]
    Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2d292d92-12ff9887.zip[Bnnnnn.class]
    Adware:Adware/Trymedia Not disinfected C:\Downloads\FiveCardDeluxeSetup-dm[1].exe
    Possible Virus. Not disinfected C:\Program Files\FaxTools\Install\Setup.exe
    Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall My Web Search.dll
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
    Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\W?nSxS\regsvr32.exe
    Adware:Adware/CommAd Not disinfected C:\WINDOWS\TGVh\n3p1.vbs
     
    MitchellCooley,
    #4
  6. 2008/02/12
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    sdfix log and new HJT Log

    SDFix: Version 1.141

    Run by Administrator on Tue 02/12/2008 at 03:47 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\PROGRA~1\WINDOW~2\VIRTOJ~1.HTM - Deleted
    C:\PROGRA~1\WINDOW~2\RYLITY~1 - Deleted
    C:\WINDOWS\system32\alog.txt - Deleted
    C:\WINDOWS\system32\cmds.txt - Deleted
    C:\WINDOWS\system32\pac.txt - Deleted
    C:\WINDOWS\system32\ps1.dat - Deleted
    C:\WINDOWS\system32\rc.dat - Deleted



    Folder C:\Program Files\drmupgds - Removed
    Folder C:\Program Files\Temporary - Removed
    Folder C:\WINDOWS\system32\m1 - Removed


    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-12 16:03:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe "
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe "
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 15 Jun 2005 141,312 A.SHR --- "C:\Program Files\PhoTags Express\Setup.exe "
    Wed 9 Mar 2005 39,936 A.SHR --- "C:\Program Files\PhoTags Express\_Setupx.dll "
    Mon 8 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe "
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe "
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe "
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    Tue 12 Feb 2008 70,656 ..SHR --- "C:\WINDOWS\system32\W?nSxS\regsvr32.exe "
    Mon 28 Jan 2008 230,400 A.SHR --- "C:\WINDOWS\system32\??stem32\chkntfs.exe "
    Tue 5 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp "

    Finished!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:12:55 PM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WNSXS~1\regsvr32.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Documents and Settings\Lea\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {665387E3-2BCF-4285-8C55-D98F0C8B3955} - C:\WINDOWS\system32\atmt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sauo] "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\virtojujo.html

    --
    End of file - 6899 bytes
     
    MitchellCooley,
    #5
  7. 2008/02/12
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    combofix and HJT Logs

    I think this is as far as I can go on my own.

    ComboFix 08-02-13.1 - Lea 2008-02-12 16:19:38.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.649 [GMT -8:00]
    Running from: C:\Documents and Settings\Lea\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Lea\My Documents\PPATCH~1
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\amttpxqu.ini
    C:\WINDOWS\system32\atmt.dll
    C:\WINDOWS\system32\drivers\bgkysbgm.dat
    C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\iuxdyxjj.ini
    C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jjkkj.ini2
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\system32\okogtuyj.ini
    C:\WINDOWS\system32\p4
    C:\WINDOWS\system32\stem32~1
    C:\WINDOWS\system32\stem32~1\chkntfs.exe
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\system32\wnsxs~1\regsvr32.exe
    C:\WINDOWS\system32\wnsxs~1\W?nSxS\
    C:\WINDOWS\system32\xrae.dll
    C:\WINDOWS\system32\xtrmkkrn.ini
    C:\WINDOWS\system32\z6
    H:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_EYAHXCGC
    -------\LEGACY_NETWORK_MONITOR
    -------\eyahxcgc


    ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
    .

    2008-02-12 15:45 . 2008-02-12 15:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-12 15:42 . 2008-02-12 16:10 <DIR> d-------- C:\SDFix
    2008-02-12 13:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-02-12 13:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\cwpjcwywihee.sys
    2008-02-12 12:44 . 2008-02-12 12:44 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-02-12 12:44 . 2008-02-12 12:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-12 12:43 . 2008-02-12 14:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-12 12:43 . 2008-02-12 12:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-02-12 10:12 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-02-12 09:49 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-02-12 09:49 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-02-12 09:49 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-02-12 09:49 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-02-12 09:49 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-02-12 09:49 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-02-12 09:47 . 2006-08-21 01:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-02-12 09:47 . 2006-08-21 01:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-02-12 09:47 . 2006-08-21 04:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-02-12 04:14 . 2007-07-06 04:46 660,992 -----c--- C:\WINDOWS\system32\dllcache\mqqm.dll
    2008-02-12 04:14 . 2007-07-06 04:46 471,552 -----c--- C:\WINDOWS\system32\dllcache\mqutil.dll
    2008-02-12 04:14 . 2007-07-06 04:46 177,152 -----c--- C:\WINDOWS\system32\dllcache\mqrt.dll
    2008-02-12 04:14 . 2007-07-06 04:46 138,240 -----c--- C:\WINDOWS\system32\dllcache\mqad.dll
    2008-02-12 04:14 . 2007-07-06 04:46 95,744 -----c--- C:\WINDOWS\system32\dllcache\mqsec.dll
    2008-02-12 04:14 . 2007-07-06 02:05 72,960 -----c--- C:\WINDOWS\system32\dllcache\mqac.sys
    2008-02-12 04:14 . 2007-07-06 04:46 48,640 -----c--- C:\WINDOWS\system32\dllcache\mqupgrd.dll
    2008-02-12 04:14 . 2007-07-06 04:46 47,104 -----c--- C:\WINDOWS\system32\dllcache\mqdscli.dll
    2008-02-12 04:14 . 2007-07-06 04:46 16,896 -----c--- C:\WINDOWS\system32\dllcache\mqise.dll
    2008-02-12 04:01 . 2007-03-08 05:47 1,843,584 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-02-12 04:01 . 2007-03-08 07:36 577,536 -----c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-02-12 04:01 . 2007-06-19 05:31 282,112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-12 04:01 . 2007-03-08 07:36 40,960 -----c--- C:\WINDOWS\system32\dllcache\mf3216.dll
    2008-02-12 03:57 . 2006-05-19 04:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
    2008-02-12 03:57 . 2006-05-19 04:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
    2008-02-12 02:18 . 2008-02-12 02:18 <DIR> d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Application Data\AVG7
    2008-02-12 02:03 . 2008-02-12 02:03 26,096 --a------ C:\WINDOWS\system32\vtuvtrq.dll
    2008-02-12 02:03 . 2008-02-12 02:03 26,096 --a------ C:\WINDOWS\system32\opnommm.dll
    2008-02-12 01:55 . 2008-02-12 01:55 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2008-02-12 01:55 . 2008-02-12 08:00 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\AVG7
    2008-02-12 01:54 . 2008-02-12 01:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-02-12 01:54 . 2008-02-12 02:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2008-02-12 01:09 . 2006-10-12 03:09 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
    2008-02-12 01:09 . 2007-03-09 05:46 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
    2008-02-12 01:09 . 2006-10-12 06:02 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
    2008-02-12 01:08 . 2007-07-09 05:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-02-12 01:08 . 2006-12-26 05:07 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll
    2008-02-12 01:08 . 2006-12-26 05:07 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll
    2008-02-12 01:08 . 2006-12-26 05:07 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll
    2008-02-12 01:08 . 2006-12-26 05:07 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll
    2008-02-12 01:07 . 2006-06-22 02:47 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
    2008-02-12 01:02 . 2006-05-05 01:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-02-12 01:02 . 2006-05-05 01:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
    2008-02-12 00:46 . 2008-02-12 00:46 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-12 00:46 . 2008-02-12 00:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-02-12 00:45 . 2008-02-12 00:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-12 00:02 . 2008-02-12 00:02 <DIR> d-------- C:\Deckard
    2008-02-11 23:37 . 2006-12-14 05:45 981,760 -----c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
    2008-02-11 23:23 . 2006-11-27 06:54 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
    2008-02-11 23:23 . 2006-11-27 06:54 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
    2008-02-11 22:00 . 2008-02-11 23:43 587 --a------ C:\WINDOWS\wininit.ini
    2008-02-11 19:38 . 2008-02-11 19:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-02-06 07:26 . 2008-02-12 00:58 <DIR> d--hs---- C:\WINDOWS\TGVh
    2008-02-06 07:26 . 2008-02-11 20:06 <DIR> d-------- C:\Temp
    2008-02-03 20:43 . 2008-02-03 20:45 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\HP
    2008-02-03 20:43 . 2008-02-03 20:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    2008-02-03 20:36 . 2008-02-03 19:31 110,415 --------- C:\WINDOWS\hpoins11.dat.temp
    2008-02-03 20:36 . 2006-05-05 19:10 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
    2008-02-03 20:33 . 2006-05-05 15:17 11,634 --a------ C:\WINDOWS\hpomdl11.dat
    2008-02-03 19:30 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2008-02-03 19:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-03 19:30 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-03 19:29 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2008-02-03 19:29 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2008-02-03 19:29 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2008-02-03 19:29 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2008-02-03 19:29 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2008-02-03 19:29 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2008-02-03 19:28 . 2008-02-03 20:45 117,144 --a------ C:\WINDOWS\hpoins11.dat
    2008-02-03 19:28 . 2006-04-12 16:04 49,664 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-02-03 19:28 . 2006-04-12 16:04 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2008-02-03 19:28 . 2006-04-12 16:04 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2008-02-03 19:27 . 2006-04-12 16:02 827,392 --a------ C:\WINDOWS\system32\hpotiop2.dll
    2008-02-03 19:27 . 2006-04-12 16:02 659,456 --a------ C:\WINDOWS\system32\hpowiax2.dll
    2008-02-03 19:27 . 2006-04-12 16:04 282,624 --a------ C:\WINDOWS\system32\HPZc3212.dll
    2008-02-03 19:27 . 2006-04-12 16:02 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
    2008-02-03 19:27 . 2005-07-18 17:38 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
    2008-02-03 19:27 . 2006-01-04 00:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
    2008-02-03 16:51 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-03 16:51 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-02-03 16:49 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-02-03 16:49 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-02-02 19:30 . 2008-02-02 19:30 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\CyberLink
    2008-02-02 19:30 . 2008-02-02 19:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
    2008-02-02 16:50 . 2006-08-07 23:02 22,016 -ra------ C:\WINDOWS\system32\drivers\RTL8150.SYS
    2008-02-02 15:45 . 2008-02-02 15:45 <DIR> d---s---- C:\Documents and Settings\Lea\UserData
    2008-02-02 15:43 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-02-02 15:43 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-02-02 15:43 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-02-02 15:43 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-02-02 15:07 . 2003-04-23 19:28 41,984 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
    2008-02-02 14:56 . 2008-02-02 14:56 <DIR> d-------- C:\Program Files\Modem Assistant

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 22:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-12 22:03 --------- d-----w C:\Program Files\Google
    2008-02-12 22:03 --------- d-----w C:\Program Files\Digital Media Reader
    2008-02-04 02:53 --------- d-----w C:\Program Files\HP
    2008-02-02 23:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-02 22:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-02 21:53 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-02 21:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-02 21:47 --------- d-----w C:\Program Files\CyberLink
    2008-02-02 19:46 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-16 20:14 --------- d-----w C:\Program Files\AIM6
    1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    2005-07-30 00:24 472 --sha-r C:\WINDOWS\TGVh\n3p1.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-11 19:04 68856]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "Sauo "= "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]
    "SunKistEM "= "C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-10-18 14:05 135168]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 00:41 49152]
    "UserFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 07:10 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 12:13 219136]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
    Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 13:51:54 45568]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows Media Player\virtojujo.html
    FriendlyName=

    R3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-17 04:50]
    S3 FXDrv32;FXDrv32;I:\FXDrv32.sys []
    S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-08-07 23:02]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-12 16:23:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-12 16:26:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-13 00:26:28
    .
    2008-02-12 23:23:45 --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:30:39 PM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Lea\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sauo] "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\virtojujo.html

    --
    End of file - 6790 bytes
     
    MitchellCooley,
    #6
  8. 2008/02/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Sorry for the wait.
    You have not been over looked, I going through your logs.

    Please be patient.

    Do you know what this is?
    virtojujo.html

    Thanks
    Geri
     
    Geri,
    #7
  9. 2008/02/13
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    I have no idea. The computer belongs to a co-workers girlfriend.

    As far as the wait goes.....I am a very patient man. I can see all the activity in this forum; I understand.

    Mitch
     
    MitchellCooley,
    #8
  10. 2008/02/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi MitchellCooley

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
C:\WINDOWS\system32\opnommm.dll
C:\WINDOWS\system32\vtuvtrq.dll
C:\WINDOWS\jautoexp.dat
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico

Folder::
C:\WINDOWS\TGVh

Driver::
C:\WINDOWS\system32\drivers\cwpjcwywihee.sys
    Please post the CF Log.

    Then we'll run a on-line scan after I see the log.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Geri,

    Here are the two logs:

    ComboFix 08-02-13.1 - Lea 2008-02-14 0:08:15.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.637 [GMT -8:00]
    Running from: C:\Documents and Settings\Lea\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lea\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\jautoexp.dat
    C:\WINDOWS\system32\Help.ico
    C:\WINDOWS\system32\opnommm.dll
    C:\WINDOWS\system32\pavas.ico
    C:\WINDOWS\system32\Uninstall.ico
    C:\WINDOWS\system32\vtuvtrq.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\jautoexp.dat
    C:\WINDOWS\system32\Help.ico
    C:\WINDOWS\system32\opnommm.dll
    C:\WINDOWS\system32\pavas.ico
    C:\WINDOWS\system32\Uninstall.ico
    C:\WINDOWS\system32\vtuvtrq.dll
    C:\WINDOWS\TGVh
    C:\WINDOWS\TGVh\n3p1.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
    .

    2008-02-12 22:40 . 2008-02-12 22:55 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-12 15:45 . 2008-02-12 15:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-12 15:42 . 2008-02-12 16:10 <DIR> d-------- C:\SDFix
    2008-02-12 13:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-02-12 13:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\cwpjcwywihee.sys
    2008-02-12 12:43 . 2008-02-12 14:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-12 10:12 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-02-12 09:49 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-02-12 09:49 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-02-12 09:49 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-02-12 09:49 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-02-12 09:49 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-02-12 09:47 . 2006-08-21 01:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-02-12 09:47 . 2006-08-21 01:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-02-12 09:47 . 2006-08-21 04:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-02-12 04:14 . 2007-07-06 04:46 660,992 -----c--- C:\WINDOWS\system32\dllcache\mqqm.dll
    2008-02-12 04:14 . 2007-07-06 04:46 471,552 -----c--- C:\WINDOWS\system32\dllcache\mqutil.dll
    2008-02-12 04:14 . 2007-07-06 04:46 177,152 -----c--- C:\WINDOWS\system32\dllcache\mqrt.dll
    2008-02-12 04:14 . 2007-07-06 04:46 138,240 -----c--- C:\WINDOWS\system32\dllcache\mqad.dll
    2008-02-12 04:14 . 2007-07-06 04:46 95,744 -----c--- C:\WINDOWS\system32\dllcache\mqsec.dll
    2008-02-12 04:14 . 2007-07-06 02:05 72,960 -----c--- C:\WINDOWS\system32\dllcache\mqac.sys
    2008-02-12 04:14 . 2007-07-06 04:46 48,640 -----c--- C:\WINDOWS\system32\dllcache\mqupgrd.dll
    2008-02-12 04:14 . 2007-07-06 04:46 47,104 -----c--- C:\WINDOWS\system32\dllcache\mqdscli.dll
    2008-02-12 04:14 . 2007-07-06 04:46 16,896 -----c--- C:\WINDOWS\system32\dllcache\mqise.dll
    2008-02-12 04:01 . 2007-03-08 05:47 1,843,584 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-02-12 04:01 . 2007-03-08 07:36 577,536 -----c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-02-12 04:01 . 2007-06-19 05:31 282,112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-12 04:01 . 2007-03-08 07:36 40,960 -----c--- C:\WINDOWS\system32\dllcache\mf3216.dll
    2008-02-12 03:57 . 2006-05-19 04:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
    2008-02-12 03:57 . 2006-05-19 04:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
    2008-02-12 02:18 . 2008-02-12 02:18 <DIR> d-------- C:\Documents and Settings\Administrator.LEA-F0IQ4DC4ZAA\Application Data\AVG7
    2008-02-12 01:55 . 2008-02-12 01:55 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2008-02-12 01:55 . 2008-02-13 08:00 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\AVG7
    2008-02-12 01:54 . 2008-02-12 01:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-02-12 01:54 . 2008-02-12 02:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2008-02-12 01:09 . 2006-10-12 03:09 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
    2008-02-12 01:09 . 2007-03-09 05:46 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
    2008-02-12 01:09 . 2006-10-12 06:02 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
    2008-02-12 01:08 . 2007-07-09 05:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-02-12 01:08 . 2006-12-26 05:07 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll
    2008-02-12 01:08 . 2006-12-26 05:07 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll
    2008-02-12 01:08 . 2006-12-26 05:07 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll
    2008-02-12 01:08 . 2006-12-26 05:07 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll
    2008-02-12 01:07 . 2006-06-22 02:47 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
    2008-02-12 01:02 . 2006-05-05 01:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-02-12 01:02 . 2006-05-05 01:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
    2008-02-12 00:46 . 2008-02-12 00:46 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-12 00:46 . 2008-02-12 00:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-02-12 00:45 . 2008-02-12 00:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-12 00:02 . 2008-02-12 00:02 <DIR> d-------- C:\Deckard
    2008-02-11 23:37 . 2006-12-14 05:45 981,760 -----c--- C:\WINDOWS\system32\dllcache\mfc42u.dll
    2008-02-11 23:23 . 2006-11-27 06:54 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
    2008-02-11 23:23 . 2006-11-27 06:54 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
    2008-02-11 22:00 . 2008-02-11 23:43 587 --a------ C:\WINDOWS\wininit.ini
    2008-02-11 19:38 . 2008-02-11 19:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-02-06 07:26 . 2008-02-13 08:41 <DIR> d-------- C:\Temp
    2008-02-03 20:43 . 2008-02-03 20:45 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\HP
    2008-02-03 20:43 . 2008-02-03 20:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    2008-02-03 20:36 . 2008-02-03 19:31 110,415 --------- C:\WINDOWS\hpoins11.dat.temp
    2008-02-03 20:36 . 2006-05-05 19:10 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
    2008-02-03 20:33 . 2006-05-05 15:17 11,634 --a------ C:\WINDOWS\hpomdl11.dat
    2008-02-03 19:30 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2008-02-03 19:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-03 19:30 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-03 19:29 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2008-02-03 19:29 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2008-02-03 19:29 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2008-02-03 19:29 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2008-02-03 19:29 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2008-02-03 19:29 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2008-02-03 19:28 . 2008-02-03 20:45 117,144 --a------ C:\WINDOWS\hpoins11.dat
    2008-02-03 19:28 . 2006-04-12 16:04 49,664 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-02-03 19:28 . 2006-04-12 16:04 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2008-02-03 19:28 . 2006-04-12 16:04 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2008-02-03 19:27 . 2006-04-12 16:02 827,392 --a------ C:\WINDOWS\system32\hpotiop2.dll
    2008-02-03 19:27 . 2006-04-12 16:02 659,456 --a------ C:\WINDOWS\system32\hpowiax2.dll
    2008-02-03 19:27 . 2006-04-12 16:04 282,624 --a------ C:\WINDOWS\system32\HPZc3212.dll
    2008-02-03 19:27 . 2006-04-12 16:02 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
    2008-02-03 19:27 . 2005-07-18 17:38 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
    2008-02-03 19:27 . 2006-01-04 00:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
    2008-02-03 16:51 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-03 16:51 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-02-03 16:49 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-02-03 16:49 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-02-02 19:30 . 2008-02-02 19:30 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\CyberLink
    2008-02-02 19:30 . 2008-02-02 19:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
    2008-02-02 16:50 . 2006-08-07 23:02 22,016 -ra------ C:\WINDOWS\system32\drivers\RTL8150.SYS
    2008-02-02 15:45 . 2008-02-02 15:45 <DIR> d---s---- C:\Documents and Settings\Lea\UserData
    2008-02-02 15:43 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-02-02 15:43 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-02-02 15:43 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-02-02 15:43 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-02-02 15:07 . 2003-04-23 19:28 41,984 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
    2008-02-02 14:56 . 2008-02-02 14:56 <DIR> d-------- C:\Program Files\Modem Assistant
    2008-02-02 14:56 . 2008-02-02 14:56 <DIR> d-------- C:\Drivers
    2008-02-02 14:56 . 2004-06-17 14:55 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
    2008-02-02 14:56 . 2004-06-17 14:55 685,056 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
    2008-02-02 14:56 . 2004-06-17 14:56 220,032 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
    2008-02-02 14:56 . 2004-06-17 14:30 129,045 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
    2008-02-02 14:56 . 2004-08-04 14:34 39,018 --a------ C:\WINDOWS\system32\HSFCI011.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 22:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-12 22:03 --------- d-----w C:\Program Files\Google
    2008-02-12 22:03 --------- d-----w C:\Program Files\Digital Media Reader
    2008-02-04 02:53 --------- d-----w C:\Program Files\HP
    2008-02-02 23:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-02 22:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-02 21:53 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-02-02 21:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-02 21:47 --------- d-----w C:\Program Files\CyberLink
    2008-02-02 19:46 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-02 18:05 558,142 ----a-w C:\WINDOWS\java\Packages\4QW8FV35.ZIP
    2008-02-02 18:05 155,995 ----a-w C:\WINDOWS\java\Packages\SA0MF173.ZIP
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-16 20:14 --------- d-----w C:\Program Files\AIM6
    2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-11 19:04 68856]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "Sauo "= "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23 1620480]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19 1050112]
    "SunKistEM "= "C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-10-18 14:05 135168]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 00:41 49152]
    "UserFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 07:10 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 12:13 219136]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
    Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 13:51:54 45568]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows Media Player\virtojujo.html
    FriendlyName=

    R3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-17 04:50]
    S3 FXDrv32;FXDrv32;I:\FXDrv32.sys []
    S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-08-07 23:02]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-14 00:09:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-14 0:11:02
    ComboFix-quarantined-files.txt 2008-02-14 08:10:41
    ComboFix2.txt 2008-02-13 00:26:31
    .
    2008-02-12 23:23:45 --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:12:52 AM, on 2/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Lea\Desktop\virus and spyware detection programs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sauo] "C:\WINDOWS\system32\WNSXS~1\regsvr32.exe" -vt ndrv
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\virtojujo.html

    --
    End of file - 6713 bytes


    Thanks for looking all this over

    Mitch
     
    MitchellCooley,
    #10
  12. 2008/02/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin

    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Lets run a on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on “Accept” If your pop –up blocker blocks the ActiveX download, allow it, click on “Accept” again

    You will be promted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Thanks
    Geri
     
    Geri,
    #11
  13. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    kaspersky part 1

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 14, 2008 11:42:04 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/02/2008
    Kaspersky Anti-Virus database records: 565623
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan Statistics:
    Total number of scanned objects: 71415
    Number of viruses found: 12
    Number of infected objects: 20
    Number of suspicious objects: 2
    Duration of the scan process: 01:12:01

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\20080212000730\backup\DOCUME~1\Lea\LOCALS~1\Temp\winvsnet.exe Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc0fcb7c6839f8e20cce48e62aa1227d_0e190501-1aeb-4d62-930a-47b2b85e1150 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_0e190501-1aeb-4d62-930a-47b2b85e1150 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.8/wbuninst.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\Lea\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Temp\fla35F.tmp Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6db58a1b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6db58a1b.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\HP Photosmart Essential.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\HP Photosmart Express.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\HP Solution Center.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\My Music\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\My Music\Sample Music.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\RealPlayer.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
    C:\Documents and Settings\Lea\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Lea\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc151\Anna-1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc151\Anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc151\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 014.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 015.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 016.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 017.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 018.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 019.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 020.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 021.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 022.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 023.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 024.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 025.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 026.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 027.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 028.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 029.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 030.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 031.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 032.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 033.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 034.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 035.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 036.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 037.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 038.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 039.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 040.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 041.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 042.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Anna 043.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\l_1a848cd1f810992185afb1aba51d810c.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\l_1edb06b897f45f67826ccfb7a3a46315.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\l_edb7af02b169734648465473daac83fa.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc152\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc154\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc154\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc154\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc156\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc156\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc156\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\3.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\m_5df75c0d6833e22fd5cd7b38dc853a5b.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\m_6a463ff50c8507fbde2486fb8fc2dd3a.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc157\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\0000000.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\11.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\1yes.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\2yes.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\3yes.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\4yes.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\5yes.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\cat1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\cat2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\cat3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\m_d047f64b9104f886aeebd85ba0e6820a.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\spaceball.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc158\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc161\2007-03-28\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc167\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna 014.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Anna009-4.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\imissyou-1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\l_d4210049d8932e4d5fc9811ea9ed3d17.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc173\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\53rtgkk.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\8-3posterweb.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\IMG_0635.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\l_68bc80ebc1a674d0470c383541e2260d.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\m_80d3754d204b273a81f88abc5c24cac2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\oohtq3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc174\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\thetruth.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc175\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc177.lnk Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc178.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\4.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\brandi.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\l_6f9f19b533616a4a2313e0c0743497a4.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\themostcutest.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc179\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\23.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\3.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\Anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\hahahahaha.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\kassidy.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\l_0b9453db7528a7f522eb48c4b7a20d1e.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\l_7e6803112edb707f53a3bd2a19d1c9b0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\l_a158161b83fe09e047183183bf51cd85.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\m_8e0494b8f8288a6ff264d6334ef63124.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\nado.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\ninja.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc180\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\Anna004-6.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\coolio.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\l_61e97cacaafa06a9a3284cfb04a37487.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\old.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\old1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\old2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\old3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\old4.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc181\z38377961xz1.png Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\0mom.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\0mom1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\0mom2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\0mom3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\1180393563871.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\118548269879303.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\16365170.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\19830.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\23.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\3.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\5ysswgh.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\62o0xf9.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\65z90na.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\68mksqo.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\6cr7sp5.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\6gb3jhx.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\add.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Anna 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\blk.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\cmnt.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\CUNTTTT.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\detail3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\DSCF2665.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\emo-2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\kristi.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\lol.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\l_8cf4dc8fec9f0501590dade40c56c5-1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\l_b0abadb7f410ad9ff3892215216e5c02.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\msg.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\peace.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\pix.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\****.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\****.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\pretty Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\pretty.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\pretty1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\scary.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\scene-2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\scene.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\sunkist.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\taylor.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\tux.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\untitled.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc182\untitledqu9.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc185.jpg Object is locked skipped
     
    MitchellCooley,
    #12
  14. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    kaspersky part 2

    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc186.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc187.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc188.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc189.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc190.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc191.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc192.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc193.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc194.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc195.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc196.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc197.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc198.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc199.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc200.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc201.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc202.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc203.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc204.avi Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc212.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc213.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc217.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc218.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc219.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc220.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc221.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc222.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc223.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc224.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc225.avi Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc236.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc237.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc238.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc239.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc240.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc241.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc242.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc243.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc244.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc245.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc246.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc247.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc248.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc249.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc250.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc251.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc252.tif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc260.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\4561.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\P7110116.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me10.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me11.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me4.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me5.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me6.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me7.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me8.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\rissa&me9.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\S5006966.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc263\untitled.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc264.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc265.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc266.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc267.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc268.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc269.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc270.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc271.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc272.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc273.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc274.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc275.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc276.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc277.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc278.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc279.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc280.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc281.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc282.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc283.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc284.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc285.txt Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc286.txt Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc287.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc288.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc289.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc290.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc291.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc292.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc293.png Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc294.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc295.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc296.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc297.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc298.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc299.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc300.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc301.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc302.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc303.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc304.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc305.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc306.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc307.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc308.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc309.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc310.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc311.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc312.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc313.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc314.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc315.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc316.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc317.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc318.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc319.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc320.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc321.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc322.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc323.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc324.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc325.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc326.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc327.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc328.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc329.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc330.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc331.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc332.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc333.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc334.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc335.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc336.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc337.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc338.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc339.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc340.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc341.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc342.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc343.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc344.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc345.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc346.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc347.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc348.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc349.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc350.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\09jakeabel.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\2d16ac7b6f4559cd9c3e46fe6d9e1b97fg7.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\5b2df762.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\a456ba67.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\ABMBER.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\aids.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\Alan Tudyk.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\aleain.png Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\ALY & AJ.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\amber && i 2.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\anna2.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\apple.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\AWTR.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\Banner.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\banner.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\bear.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\been.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\benny.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\bert.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\bff.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\bff2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\boombox.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\boy-shorts.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\camera.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\CARiSSA.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\cartoondragon.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\catball.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\CHANNING.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\CHEESE.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\CHEESE.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\chelsea1.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\chelsea3_1024x768.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\chelsea4_1024x768.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\christopher.jpg Object is locked skipped
     
    MitchellCooley,
    #13
  15. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    kaspersky part 3

    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\cookie.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\crash.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\dancee.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\dino.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\dino.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\drink3.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\dryer.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\effinjordan.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\elmo.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\er.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\ernie-1.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\eye shadow.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\flower0grass.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\four.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\FROOG.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\girlhearts.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\heartratezk1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\i hope eat you.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\i love you.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\iloveamber.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\ipods.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\J0HNNY C00PER.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\Jake_-headshot-1JPEG.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\jason.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\juice.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\keithanderson1_e.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\kids2cp.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\kim.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\kiss me.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\krista.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\LANCE.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 014.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 015.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 016.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 017.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 018.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 019.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 020.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 021.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 022.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\leah 023.avi Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\lessthanjake-anthem.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\lips.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\love.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\MADDi.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\me.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\monkey08.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\musicbars2oq8.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\Nelly.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\ninja2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\p1.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\peguin.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\piggy.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\PINGU.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\R0B0T.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\R0B0TPPL.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\rain.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\rainbow.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\rent.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\ricky b.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\robot08.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\rose.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\soccer.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\straightner.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\tbs.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\tbs2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\tealandwhitehearts.png Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\THE SCENE.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\th_JW001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\th_timmcgraw1_v_p.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\tight2wf.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\timmcgraw1_v_p.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\tiny robot.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\tutrles.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\uglyblackguy.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc351\whengirlsdrinktomuch.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc352.pdf Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc353.pdf Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc354.pdf Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc355\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc355\Anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc355\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc355\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc356.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc357.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc358.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc359.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc360.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc361.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc362.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc363.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc364.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc365.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc366.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc367.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc368.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc369.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc370.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc371.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc372.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc373.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc374.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc375\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc376.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc377.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc378.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc379.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc380.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc381.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc382.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc383.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc384.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc385.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc386.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc387.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc388\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc388\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc388\Anna010-6.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc388\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\23.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna-1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\boom.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\caption.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\caption1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\comment.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\l_09b4ea9db6d661daa4e030d297bb92d7.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\l_24b2572eb3d1ffa87c4f57e8d3d061a7.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\l_fdbc9975382d5ac7da684cd3d0b844b3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\one.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\rissa.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\three.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc389\two.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\m_d2004e7d6e90d21d09576a54fbb1388d.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc390\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc391\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc391\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc391\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc392\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc392\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc392\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc392\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc392\the days.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc392\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 014.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 015.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 016.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 017.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 018.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 019.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 020.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 021.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 022.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 023.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 024.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Anna 025.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc393\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc394.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc395.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc396.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc397.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc398.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc399.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc400.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc401.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc402.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc403.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc404.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc405.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc406.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc407.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc408.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc409.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc410.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc411.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc412.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc413.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc414.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc415.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc416.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc417.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc418.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc419.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc420.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc421.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc422.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc423.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc424.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc425.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc426.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc427.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc428.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc429.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc430.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc431.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc432.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc433.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc434.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\howdy1..jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\howdy2..jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\my man.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\shaun1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\shaunstratton.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\teganandsara5.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\this is shaun.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc435\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\000.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\000000000.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\0003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\10.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\2007-10-24, Anna\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\2007-10-24, Anna\Anna.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\2007-10-24, Anna\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\2007-10-24, Anna\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\23.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\26.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\Anna 003.jpg Object is locked skipped
     
    MitchellCooley,
    #14
  16. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    kaspersky part 4

    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\l_423a44b07a83ff6b961bfdf44e46237f.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\l_57fbfb82d7d351ec47058a13542ade4d.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\l_da1e333d19ae847b9286169b4599ffb2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc448\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\00.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\01.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\02.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\03.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\l_4c3860d1c8e60a6c9df8b28cf518437f.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\l_879f20985d71139f2ef97335ddfc526b.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\l_91b59ab0c5a983f881c68011e2e75e0e.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc450\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc451\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\25ss6m1.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\8vvfq8.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\aburi.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\Anna004-9.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\dustyAburi1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\dustyaburi2.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\leah.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc452\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc453.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc454.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc455.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc456.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\go yoyes.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc457\yotes.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\281x211.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\3.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\3.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\bulletin..bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\clear.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\dusty000.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\high bulletin..bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\l_297d64745efaa06713344d913d8fea8e.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\l_3bd89bf135fa4da69b81006e9f9aa1d4.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\l_592d398aae063f5a67c4ea24b552c032.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\l_a9c07f38744b829315e3f67aa41051d1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\l_cb174fc5e4370ffbc40add887c62c550.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\m_1134ae3587e034f814bb0b644234cb98.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\m_113f9dd8e380d98e26cb43542d398cf1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\m_64c590c458cecb9bf9169b892e62c5a0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\m_6edec54134b37c785ba77f8990efa145.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\m_82f6f447bf93d662aa0ec380cf3ab6f7.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\m_f77a327cdb135abfcf1a52981ad5ebc7.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\raider_jpg_xs.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\ROHO20Bandit20Black.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc458\WFHSFOOTBALL.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc459\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc459\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc459\Anna001-13.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc459\Anna002-20.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc459\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\amber.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\annabooloo-1.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\dusty.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\l_26884c36b9c4ee472a0caf4f81409006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\m_796a361ebd183d4675db16e2d72e4fda.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\rissa.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc460\untitled.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\0.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\0.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\000.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\0cy.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\23.bmp Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\baby.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\coyoteHEAD.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\cy.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\l_5c4e6629229a6be145d783ec969baf87.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\l_c97507414c84fc991e214eefc9169d92.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\sarah.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc461\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc462.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc463.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc464.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc465.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc466.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc467.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc468.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc469.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc470.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc471.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc472.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc473.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc474.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc475.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc476.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc477.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc478.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc479.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc480.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc481.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc482.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc483\Picasa.ini Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc483\Thumbs.db Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc484.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc485.png Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc486.gif Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc487.png Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc488.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc489.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc490.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc491.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc492.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc493.url Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc494.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 001.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 002.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 003.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 004.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 005.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 006.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 007.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 008.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 009.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 010.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 011.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 012.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 013.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 014.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 015.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 016.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 017.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 018.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 019.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 020.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 021.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 022.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 023.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 024.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 025.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 026.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 027.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 028.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 029.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 030.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 031.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 032.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 033.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 034.jpg Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Anna 035.avi Object is locked skipped
    C:\RECYCLER\S-1-5-21-2531737622-502318138-1599230500-1003\Dc495\Thumbs.db Object is locked skipped
    C:\SDFix\backups\backups.zip/backups/virtojujo.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP10\A0004920.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP10\A0004922.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP12\A0005073.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP12\A0005074.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP12\A0005077.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP12\A0005162.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP12\A0005169.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP13\change.log Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003103.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003115.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003145.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003149.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003150.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003150.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003151.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003152.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003153.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003153.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003155.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003157.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP4\A0003166.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP5\A0003182.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004199.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004200.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004201.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004202.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004203.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004204.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004205.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004206.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004207.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004208.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004211.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004212.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004212.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004213.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004217.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004218.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP6\A0004230.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004237.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004240.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004241.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004242.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004243.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004244.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004245.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004246.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004247.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004250.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004251.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004252.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004253.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004254.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004255.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004256.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004257.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004258.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004259.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004260.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004261.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004262.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004263.dll Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP7\A0004276.exe Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{50A8FCA5-1F5E-47B5-A07D-A4F777257F0B}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    H:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP13\change.log Object is locked skipped

    Scan process completed.
     
    MitchellCooley,
    #15
  17. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    question about recycler

    If the recycle bin is empty, why so many files in each bin?
     
    MitchellCooley,
    #16
  18. 2008/02/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    That's a good question.

    Did you run ATF Cleaner? and let it finish until you got the Clean message?

    Run it again and this time do the select all button and the clean selected.
    Make sure you let it go until you get the done cleaning message.

    The good news is that it's only showing a infection in the Java cache, so lets get that.

    The instructins may very a little.

    Updating Java and Clearing Cache
    1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
    2. It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    3. If you are unable to update you can manually update by going here:
    4. After the reboot, go back into the Control Panel and double-click the Java Icon.
    5. On the general tab, at the bottom it has "temporary internet files "
    6. Click the settings button. Then the Delete files button.
    7. There are two options in the window to clear the cache - Leave both Checked

      • Applications and Applets
        Trace and Log files
    8. Click OK
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    9. Click OK to leave the Java Control Panel.
    10. Delete older versions from Add/Remove list.

    Download OTMoveIt2

    Download
    OTMoveIt2 by OldTimer to your Desktop.
    Double click OTMoveIt2.exe to launch it.

    Click the CleanUp button

    Now run Kaspersky again, if you still get all the Recycler entries don't post them just let me know. delete all that you can and Post the rest of the log.

    Thanks
    Geri
     
    Geri,
    #17
  19. 2008/02/14
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Will get that computer hooked up and taken care of shortly. But wanted to give you something to ponder;

    Have run ATF Cleaner several times - but will keep running it and see what happens. There are only two accounts I can see on this system - Administrator and Lea but there are four recycle bins?


    This computer had been in a "repair shop" to fix the problems we are now working on. While in the repair shop they loaded WinXP Pro over WinXP Home which had been pre installed. The owner doesn't know why they did it and she no longer had the original disc to re-install WinXP Home.

    I say that to say I don't think Java was reinstalled when they installed PRO, but I will check to make sure.

    Will let you know shortly.

    Mitch
     
    Last edited: 2008/02/14
    MitchellCooley,
    #18
  20. 2008/02/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, can you tell me where the bins are located, are they all in here?
    C:\RECYCLER

    Are they all full or are there empty ones after you run ATF Cleaner.

    Also, look in add/remove for Java.

    Thanks
    Geri
     
    Geri,
    #19
  21. 2008/02/15
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Recycle bins are all located in C|RECYCLER:

    Contents of C:\RECYCLER


    S-1-5-21-197315645-1385584447-2923267623-1003
    Size 86 Bytes
    Created Dec 22, 2005

    S-1-5-21-1229272821-1614895754-682003330-1003
    Size 85 Bytes
    Created Feb 2, 2008

    S-1-5-21-1708537768-1417001333-682003330-1000
    Size 885 Bytes
    Created Jan 2, 26

    S-1-5-21-2531737622-502318138-1599230500-1003
    Size 417 MB
    Created Dec 22, 2005

    Java had not been reinstalled after the install of PRO. Taken care of. Cache Cleared.

    Moveit done

    Kaspersky is almost done.

    Be back in a moment

    Mitch
     
    MitchellCooley,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...