
slow boot, lots popups, cannot remove some files

Discussion in 'Malware and Virus Removal Archive' started by MitchellCooley, 2008/02/12.

  1. 2008/02/15
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    New Kaspersky Scan (Without Recycler)

    C:\RECYCLER was still there

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, February 15, 2008 12:45:54 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/02/2008
    Kaspersky Anti-Virus database records: 567337
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan Statistics:
    Total number of scanned objects: 69192
    Number of viruses found: 2
    Number of infected objects: 2
    Number of suspicious objects: 2
    Duration of the scan process: 00:53:33

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc0fcb7c6839f8e20cce48e62aa1227d_0e190501-1aeb-4d62-930a-47b2b85e1150 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_0e190501-1aeb-4d62-930a-47b2b85e1150 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.8/wbuninst.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\Lea\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\History\History.IE5\MSHist012008021420080215\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Lea\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6db58a1b.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6db58a1b.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\HP Photosmart Essential.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\HP Photosmart Express.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\HP Solution Center.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\My Music\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\My Music\Sample Music.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Desktop\desk top stuff\RealPlayer.lnk Object is locked skipped
    C:\Documents and Settings\Lea\My Documents\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
    C:\Documents and Settings\Lea\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Lea\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP17\A0006151.exe Object is locked skipped
    C:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP17\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{CE2A629A-C047-4B40-9638-2B283F253847}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    H:\System Volume Information\_restore{C9AADCAF-5A55-4FC5-86B0-7EB8FD0608DA}\RP17\change.log Object is locked skipped

    Scan process completed.
     
  2. 2008/02/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK that didn't get rid of it, so let's see if it can be done manually.

    Follow this path and delete this.

    C:\Documents and Settings\Lea\My Documents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6db58a1b.zip


    Now open SpyBot S/D, click on Recovery
    Put a check next to all boxes listed and click Purge selected items.


    Now about the Recyclers, I need to find out if all but one can be deleted. For now let's clean them all out.
    Go to C: and open each recycler folder, double-click and open the one that has the recycle bin icon
    Click Edit (Top of window) click select all
    Click on File (Top of window)
    Click Delete.
    OK the prompt

    Let me know that they deleted all the files, and I'll see if we can delete the older ones.

    Thanks
    Geri
     

  4. 2008/02/15
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Unfortunately, Lea (the computer owner) picked it up today to take it back to the "repairman" who loaded WinXP Pro so he can fix the KEY. She is getting a blue star on the lower right corner and I told her to call him to get the original software and/or something to prove it is hers and only hers.

    Long story (see post in WinXP).

    As soon as I get the machine back I will take care of it.

    As I remember, though, under the C:\RECYCLER folder there were four recycle bin icons with the designations I listed in my post.

    Will keep you up to date.

    Thanks for your help. Lea thanks you too.

    Mitch
     
  5. 2008/02/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Mitch

    OK, good luck with that.

    You know where we are if you need us.

    Geri
     
