Friends HJTL

vroom_skies

Hey guys, would you be able to check out this log for my friend? Pretty sure he might have the Vundo trojan.
Edifier and Call4me only.

Logfile of HijackThis v1.99.1
Scan saved at 10:01:04 AM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\system32\yabxy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57E2C81D-07C8-4D3B-BE2C-00546481ADCb} - C:\WINDOWS\system32\nhnfixbe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvu - xxyvu.dll (file missing)
O20 - Winlogon Notify: yabxy - C:\WINDOWS\system32\yabxy.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - (no file)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Megravc - Conexant - (no file)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
Here is the new log. His comp is still running very poorly.

Logfile of HijackThis v1.99.1
Scan saved at 2:32:01 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1144278358\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1144278358\ee\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\system32\yabxy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57E2C81D-07C8-4D3B-BE2C-00546481ADCb} - C:\WINDOWS\system32\nhnfixbe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvu - xxyvu.dll (file missing)
O20 - Winlogon Notify: yabxy - C:\WINDOWS\system32\yabxy.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - (no file)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Megravc - Conexant - (no file)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Thanks for all the help,

Bob
 
Stuff that can outright go
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Common Files\AOL\1144278358\ee\aolsoftware.exe



Noncritical stuff you may want to remove
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\wuauclt.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe


Stuff I'm pretty sure can go
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
 
Go to 'Control Panel/folder options/view' and check 'show hidden files and folders'. While there, UNCHECK 'hide protected operating system files (recommended)'. Click Apply and Okay.

Update Ewido.

Next, download, install and update 'A-squared' here http://www.emsisoft.com/en/software/free/

Download, install and update this excellent freebie- Superantispyware here http://www.superantispyware.com/download.html

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

Download 'Killbox' here http://www.downloads.subratam.org/KillBox.exe to your desktop. You will need it later in safe mode.

Reboot your computer in Safe Mode by doing the following.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Please make sure ALL security programs including 'Spybot' and 'Ewido' are disabled until they are needed.

From safemode, run HijackThis and put a check by the following entries if still present, close all open windows and browsers except HijackThis and click 'Fix Checked'

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\system32\yabxy.dll
O2 - BHO: (no name) - {57E2C81D-07C8-4D3B-BE2C-00546481ADCb} - C:\WINDOWS\system32\nhnfixbe.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c5.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: xxyvu - xxyvu.dll (file missing)
O20 - Winlogon Notify: yabxy - C:\WINDOWS\system32\yabxy.dll

Exit Hijack This but remain in safe mode.

Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines if still present one at a time.

C:\WINDOWS\system32\yabxy.dll
C:\WINDOWS\system32\nhnfixbe.dll
C:\WINDOWS or C:\WINDOWS\system32\xxyvu.dll

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.


Begin running your scans in this order.

Ewido
A-squared
Superantispyware

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot into normal windows, run ATF Cleaner again and then go here http://support.f-secure.com/enu/home/ols.shtml and run this online scan. Once completed, there should be a scan log. Post it along with a fresh 'HJT' log.
 
Here is the new Log.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:01 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - (no file)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - (no file)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - (no file)
O23 - Service: Megravc - Conexant - (no file)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Parallel Technologies, Inc. - (no file)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks

Bob
 
Much better. How is the computer running now? Did you not run the F-secure scan, and if so, was there anything in the scan log?
 
Thanks man.

Well I forgot to run F-secure, so here is the log. The computer is running better, but it still feels like it could be much faster. Boot times take forever. The computer is defragged, and there are hardly any programs loading when Windows starts.

Sunday, September 10, 2006 17:30:14 - 18:34:11
Computer name: RSJR
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 2 malware found
Tracking Cookie (spyware)
System (Disinfected)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 30275
System: 3730
Not scanned: 8
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{25D22681-05D7-4348-9CC4-5ECB29C04A65}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0363746B6BC444AC02E892175800E06A_50E417E0-E461-474B-96E2-077B80325612
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A126FE76EBDA7D258AC61A0432138D32_50E417E0-E461-474B-96E2-077B80325612
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA8B800F45DB3CBCA7696AB01389EBB9_50E417E0-E461-474B-96E2-077B80325612

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-09-10
F-Secure Libra: 2.4.1, 2006-09-09
F-Secure Orion: 1.2.37, 2006-09-08
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-07
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics


Thanks Bob
 
I wanted the F-secure scan for any disinfection needs. If you don't mind doing one more scan, proceed with below.

Run this free online diagnostic scan from 'Kaspersky' http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop. If any infections are present, post a copy of it here.

Has McAfee been removed?

Also disable the 'Ewido Realtime Guard'. A lot of users have complained about the resource usage. Just use it as an on-demand scanner.
 
Here is the log, looks like there might be another trojan.
Thanks
Bob

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 11, 2006 11:08:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/09/2006
Kaspersky Anti-Virus database records: 222555
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58858
Number of viruses found: 2
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:42:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0363746b6bc444ac02e892175800e06a_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a126fe76ebda7d258ac61a0432138d32_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea8b800f45db3cbca7696ab01389ebb9_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Jonathan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx/[From "PayPal Team"<[email protected]>][Date Sun, 27 Aug 2006 23:17:06 -0400]/html Infected: Trojan-Spy.HTML.Paylap.iy skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP160\A0150194.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP160\A0150195.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP160\A0150197.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped

Scan process completed.
 
Just a few things to clean up.

Go to 'Control Panel/folder options/view' and check 'show hidden files and folders'. While there, UNCHECK 'hide protected operating system files (recommended)'. Click Apply and Okay.

Run 'Outlook' and empty the 'Deleted' email folder. If it was empty, then navigate to 'C:\Documents and Settings\Jonathan\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\' and you will probably have to delete 'Deleted Items.dbx'.

Then empty the recycle bin.

Now to flush the 'Restore Folder': go to Control Panel/System/System Restore, check the box 'Turn off system restore on all drives', and click 'apply' and 'okay'. Reboot the computer, go back there, turn system restore back on, and create a 'New Restore Point' by going to 'Start/Programs/Accessories/System Tools/System Restore'.

You should now be clean. Remember to disable the Real Time guard on Ewido.
 