Hijack This Logfile - Need help getting rid of SystProtect/WinAnti-Virus and other junk!

Logfile of HijackThis v1.99.1
Scan saved at 11:01:20 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: DPCUpdater Object - {E321ACA5-B12F-4D2C-B786-23B0A559CB21} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - C:\WINDOWS\system32\ddccb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

Hello vann1234,

Download VundoFix to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

 

Sorry, I've been away from this particular PC for awhile. Anyway, I ran vundo when you first recommened. The PC was okay for a while, but now I have the same problema once again along with some others - more pop-ups, a KLONE virus that AVG picks up but won't clean, sometimes IE won't launch unless I restart the pc, and other folders failed to launch. I ran vundo as of today, and it indicated there were no infected files, yet the pop-ups continue. All that said, here's my most recent HJ file.

Logfile of HijackThis v1.99.1
Scan saved at 9:56:42 AM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B4F3D490-538B-4F0E-A91C-EBA15E72E8DC} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: (no name) - {E321ACA5-B12F-4D2C-B786-23B0A559CB21} - (no file)
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\fshhivmp.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe

 

There's Vundo showing. Your version of VundoFix is probably out-of-date-the reason it will not remove the newer Vundo.

Delete VundoFix.

Download the latest version from here to your desktop and run it again.

Post back with the contents of C:\vundofix.txt and a new HijackThis log.

 

Thank you for your prompt response. Here's the latest info.

VUNDO FILE
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\jjllm.tmp
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\jjllm.tmp

HJ FILE
Logfile of HijackThis v1.99.1
Scan saved at 5:01:28 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C511CBA1-E47A-4371-AD2D-301DAB7812F2} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E321ACA5-B12F-4D2C-B786-23B0A559CB21} - (no file)
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\fshhivmp.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe

 

Go to Add/Remove Programs and uninstall(if listed):
[bold]Viewpoint Manager
VSToolBar[/bold] (or similar)

Download this 018RegFix .
Unzip the file to the desktop.
Double-click on the reg file and click "[bold]Yes[/bold]" to merge with the registry.

Run a scan only with HijackThis, check these(if there):

[bold]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {C511CBA1-E47A-4371-AD2D-301DAB7812F2} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E321ACA5-B12F-4D2C-B786-23B0A559CB21} - (no file)
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\fshhivmp.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab [/bold]

Close all windows except HijackThis, then click "[bold]Fix checked[/bold]".

Restart your computer.

Go here to run [bold]Kaspersky Online Scanner[/bold].
[bold]Accept[/bold] the terms.
After downloading, click "[bold]My Computer[/bold]" to scan.
After scanning, click "[bold]Save report as[/bold]".
Save as a text file on the desktop.

Post back with the Kaspersky log and a new HijackThis log.

 

HJ FILE
Logfile of HijackThis v1.99.1
Scan saved at 12:20:14 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\spider.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe


KASPERSKY ONLINE SCANNER REPORT
Saturday, November 04, 2006 12:18:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/11/2006
Kaspersky Anti-Virus database records: 238293


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 188298
Number of viruses found 26
Number of infected objects 164 / 0
Number of suspicious objects 3
Duration of the scan process 03:50:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\DSS\MachineKeys\9d4b0d651fccd7149f78f15e84eaaafb_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec8dde651f5ad85dd1f76f731c36b524_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Altnet4.zip/asmend.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Altnet4.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\sp352452548[2].htm Suspicious: Trojan-Downloader.JS.gen skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[5].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[6].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[5].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[6].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[7].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[8].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\betty_boop.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped

C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\betty_boop.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Vann\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\History\History.IE5\MSHist012006110420061105\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vann\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Vann\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Full Tilt Poker\vann1234.dat Object is locked skipped

C:\Program Files\TBONBin\tbon.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\Program Files\TBONBin\TBONWnd.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bf skipped

C:\Program Files\TBONBin\Uninstall.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\Program Files\VSAdd-in\VSAdd-in.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc101.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc102.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc103.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc104.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc105.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc106.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc107.wmv Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc109.html Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc110.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc111.mbf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc112.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc113.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc114 Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc116.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc117.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc118.ppt Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc119.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc120.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc121.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc122.xlr Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc123\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc123\ZbThumbnail.info Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc124.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc125.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc126.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc127.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc128.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc129.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc130.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc131.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc132.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc133.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc134.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc135.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc136.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc137.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc138.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc139.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc140.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc141.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc142.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc143.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc144.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc145.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc146.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc147.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc148.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc149.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc150.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc151.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc152.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc153.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc154.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc155.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc156.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc157.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc158.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc159.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc160.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc161.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc162.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc163.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc164.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc165.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc166.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc167.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc168.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc169.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc170.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc171.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc172.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc173.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc174.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc175.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc176.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc177.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc178.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc179.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc180.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc181.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc182.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc183.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc184.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc185.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc186.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc187.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc188.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc189.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc190.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc191.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc192.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc193.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc194.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc195.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc196.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc197.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc198.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc199.txt Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc2.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc200.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc201.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc202.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc203.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc204.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc205.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc206.nra Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\AlbumArtSmall.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Folder.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\~$debppic.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\~$laexash.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc208.trace Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc260\receive\0234.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc260\receive\Image001.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc261.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc262.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc263.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc264.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc265.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc266.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc267.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc268.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc269.htm Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc270.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc271.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc272.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc274.wav Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc276.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc277.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\carlos collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210046.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210047.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210048.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210049.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210050.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210051.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210052.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210053.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210054.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210055.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210056.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210057.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210058.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210059.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210060.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210061.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210062.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210063.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210064.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210065.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210066.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210067.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210069.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210070.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210071.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210072.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210073.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210074.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210075.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210079.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210080.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210081.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210082.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210083.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210096.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210098.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210099.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210100.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210101.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210102.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210103.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210104.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210105.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210106.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210107.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210108.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210109.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210110.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210111.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210112.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210113.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210115.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210116.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210117.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\stefania collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\orange and black.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\orangeandblack.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\test flyer.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\testflyer2.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\uncle vann collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\uncle vann collage2.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc287.html Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc288.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc289.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc290.mbf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc291.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc292\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc294.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc295.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\receive\bluskin.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\receive\blustud.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc76.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc77.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc78.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc79.mny Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc80.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\STUDZ.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\STUDZ5.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc82.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc83.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc84.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc85.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc86.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc87.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc88.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc89.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc90.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc91.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc92.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc93.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc94.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc95.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc96.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc97.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc98.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc99.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc107.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc108 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc109 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc110.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc111.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc112.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc17.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc23.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc24.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc25.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc26.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc31.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc32.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc34.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc61.mp3 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc64.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc65.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc66.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc67.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc68.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc73.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc74.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc75.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc76.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc78.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc79.wav Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc85\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc86.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc90.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc91.sav Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc94.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc95.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc96.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc97.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc98.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc99.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc163.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc164.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc183.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc204.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\01 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\02 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\03 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\(Can We) M.A.K.E. L.U.V. - Profyle.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\8 Ball (Remix) -NWA.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\A Dream-DeBarge.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\cathy test.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Foe Life - Mack 10.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\junk recording.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\more junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Scream and Shout - Melvin Riley + Jamie Foxx.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Seperated - Avant.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\She Wasn't Last Night - Jesse Powell.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\test junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\__INCOMPLETE___Prince - 7ce611dee0956a78f49773f6f04e2be23004b3dd100800000ac4400000134.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\26.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\26.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\03.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\03.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\06.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\06.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Uncle Vann's BirthDay Mix 2001\01.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Uncle Vann's BirthDay Mix 2001\01.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc233.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc238.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc239.bmp Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc289.mp3 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc291.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc297.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc298.bmp Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc313.jpeg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc316.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc83.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc99.WAV Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc14.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc15.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc16.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc17.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc18.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc19.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc20.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc21.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc7.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc8.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc9.jpg Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0007250.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008249.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008260.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008270.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0009271.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0009315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0010315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0011315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP12\A0011375.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP14\A0011418.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP14\A0012422.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0013424.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0013436.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0015442.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0016452.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0016464.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP17\A0017463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP17\A0018463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP18\A0019466.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP18\A0020463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP19\A0020481.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP2\A0000004.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP2\A0000025.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP20\A0020520.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP21\A0020523.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP21\A0020550.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP22\A0021550.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP22\A0021575.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP24\A0021633.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP25\A0021662.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021692.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021693.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021694.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0021723.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022609.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022610.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022611.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022612.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022613.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022615.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022616.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022617.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022618.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022620.dll Infected: not-a-virus:AdWare.Win32.404Search.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022624.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0022712.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0022721.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0023851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0023852.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe/Stream/data0001 Infected: Trojan-Downloader.Win32.Agent.aqh skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe/Stream Infected: Trojan-Downloader.Win32.Agent.aqh skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe Inno: infected - 2 skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024118.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024203.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024204.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024205.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024206.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024207.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024208.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024209.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024210.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024211.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024212.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024213.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024214.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024215.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024216.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024217.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024218.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024219.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024220.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024221.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024222.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024223.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024225.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024226.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024228.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024229.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024230.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024231.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024232.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024239.dll Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024245.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024246.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP4\A0000090.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP4\A0001090.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024553.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024677.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024683.dll Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024693.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024710.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP42\A0024735.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024758.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024769.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024781.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP46\A0024804.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP47\A0024849.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP48\A0024873.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP5\A0001127.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP50\A0024907.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP51\A0024941.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027023.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027070.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP54\change.log Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0001147.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0001179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0002179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP7\A0004179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005196.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005203.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005214.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0006215.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007215.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007241.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007242.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007243.dll Object is locked skipped

C:\VundoFix Backups\mlljj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virusownloader.Win32.PopCap.b skipped

C:\WINDOWS\pfirewall.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\buigpxcg.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\ivkauoad.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\ysoibclu.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\WINDOWS\system32\ywprgeds.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\WINDOWS\Temp\ASHeuristic\mlljj.dll_bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\WINDOWS\Temp\ASHeuristic\TBONWnd_EXE.vir Infected: not-a-virus:AdWare.Win32.BetterInternet.bf skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

HJ FILE
Logfile of HijackThis v1.99.1
Scan saved at 12:20:14 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\spider.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe


KASPERSKY ONLINE SCANNER REPORT
Saturday, November 04, 2006 12:18:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/11/2006
Kaspersky Anti-Virus database records: 238293


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 188298
Number of viruses found 26
Number of infected objects 164 / 0
Number of suspicious objects 3
Duration of the scan process 03:50:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\DSS\MachineKeys\9d4b0d651fccd7149f78f15e84eaaafb_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec8dde651f5ad85dd1f76f731c36b524_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Altnet4.zip/asmend.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Altnet4.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\sp352452548[2].htm Suspicious: Trojan-Downloader.JS.gen skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[5].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[6].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[5].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[6].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[7].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[8].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\betty_boop.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped

C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\betty_boop.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Vann\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\History\History.IE5\MSHist012006110420061105\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vann\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Vann\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Full Tilt Poker\vann1234.dat Object is locked skipped

C:\Program Files\TBONBin\tbon.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\Program Files\TBONBin\TBONWnd.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bf skipped

C:\Program Files\TBONBin\Uninstall.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\Program Files\VSAdd-in\VSAdd-in.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc101.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc102.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc103.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc104.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc105.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc106.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc107.wmv Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc109.html Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc110.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc111.mbf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc112.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc113.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc114 Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc116.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc117.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc118.ppt Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc119.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc120.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc121.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc122.xlr Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc123\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc123\ZbThumbnail.info Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc124.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc125.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc126.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc127.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc128.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc129.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc130.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc131.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc132.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc133.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc134.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc135.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc136.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc137.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc138.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc139.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc140.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc141.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc142.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc143.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc144.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc145.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc146.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc147.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc148.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc149.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc150.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc151.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc152.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc153.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc154.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc155.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc156.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc157.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc158.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc159.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc160.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc161.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc162.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc163.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc164.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc165.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc166.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc167.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc168.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc169.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc170.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc171.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc172.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc173.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc174.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc175.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc176.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc177.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc178.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc179.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc180.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc181.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc182.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc183.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc184.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc185.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc186.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc187.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc188.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc189.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc190.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc191.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc192.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc193.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc194.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc195.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc196.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc197.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc198.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc199.txt Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc2.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc200.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc201.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc202.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc203.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc204.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc205.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc206.nra Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\AlbumArtSmall.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Folder.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\~$debppic.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\~$laexash.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc208.trace Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc260\receive\0234.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc260\receive\Image001.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc261.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc262.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc263.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc264.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc265.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc266.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc267.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc268.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc269.htm Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc270.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc271.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc272.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc274.wav Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc276.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc277.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\carlos collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210046.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210047.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210048.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210049.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210050.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210051.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210052.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210053.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210054.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210055.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210056.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210057.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210058.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210059.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210060.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210061.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210062.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210063.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210064.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210065.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210066.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210067.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210069.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210070.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210071.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210072.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210073.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210074.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210075.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210079.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210080.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210081.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210082.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210083.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210096.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210098.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210099.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210100.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210101.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210102.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210103.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210104.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210105.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210106.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210107.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210108.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210109.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210110.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210111.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210112.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210113.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210115.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210116.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210117.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\stefania collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\orange and black.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\orangeandblack.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\test flyer.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\testflyer2.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\uncle vann collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\uncle vann collage2.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc287.html Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc288.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc289.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc290.mbf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc291.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc292\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc294.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc295.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\receive\bluskin.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\receive\blustud.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc76.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc77.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc78.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc79.mny Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc80.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\STUDZ.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\STUDZ5.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc82.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc83.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc84.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc85.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc86.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc87.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc88.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc89.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc90.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc91.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc92.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc93.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc94.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc95.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc96.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc97.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc98.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc99.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc107.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc108 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc109 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc110.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc111.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc112.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc17.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc23.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc24.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc25.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc26.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc31.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc32.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc34.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc61.mp3 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc64.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc65.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc66.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc67.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc68.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc73.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc74.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc75.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc76.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc78.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc79.wav Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc85\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc86.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc90.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc91.sav Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc94.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc95.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc96.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc97.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc98.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc99.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc163.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc164.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc183.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc204.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\01 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\02 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\03 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\(Can We) M.A.K.E. L.U.V. - Profyle.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\8 Ball (Remix) -NWA.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\A Dream-DeBarge.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\cathy test.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Foe Life - Mack 10.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\junk recording.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\more junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Scream and Shout - Melvin Riley + Jamie Foxx.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Seperated - Avant.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\She Wasn't Last Night - Jesse Powell.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\test junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\__INCOMPLETE___Prince - 7ce611dee0956a78f49773f6f04e2be23004b3dd100800000ac4400000134.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\26.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\26.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\03.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\03.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\06.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\06.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Uncle Vann's BirthDay Mix 2001\01.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Uncle Vann's BirthDay Mix 2001\01.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc233.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc238.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc239.bmp Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc289.mp3 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc291.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc297.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc298.bmp Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc313.jpeg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc316.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc83.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc99.WAV Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc14.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc15.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc16.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc17.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc18.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc19.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc20.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc21.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc7.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc8.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc9.jpg Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0007250.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008249.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008260.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008270.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0009271.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0009315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0010315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0011315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP12\A0011375.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP14\A0011418.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP14\A0012422.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0013424.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0013436.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0015442.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0016452.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0016464.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP17\A0017463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP17\A0018463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP18\A0019466.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP18\A0020463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP19\A0020481.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP2\A0000004.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP2\A0000025.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP20\A0020520.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP21\A0020523.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP21\A0020550.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP22\A0021550.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP22\A0021575.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP24\A0021633.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP25\A0021662.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021692.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021693.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021694.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0021723.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022609.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022610.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022611.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022612.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022613.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022615.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022616.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022617.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022618.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022620.dll Infected: not-a-virus:AdWare.Win32.404Search.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022624.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0022712.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0022721.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0023851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0023852.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe/Stream/data0001 Infected: Trojan-Downloader.Win32.Agent.aqh skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe/Stream Infected: Trojan-Downloader.Win32.Agent.aqh skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe Inno: infected - 2 skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024118.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024203.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024204.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024205.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024206.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024207.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024208.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024209.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024210.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024211.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024212.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024213.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024214.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024215.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024216.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024217.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024218.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024219.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024220.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024221.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024222.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024223.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024225.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024226.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024228.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024229.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024230.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024231.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024232.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024239.dll Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024245.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024246.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP4\A0000090.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP4\A0001090.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024553.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024677.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024683.dll Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024693.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024710.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP42\A0024735.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024758.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024769.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024781.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP46\A0024804.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP47\A0024849.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP48\A0024873.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP5\A0001127.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP50\A0024907.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP51\A0024941.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027023.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027070.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP54\change.log Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0001147.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0001179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0002179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP7\A0004179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005196.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005203.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005214.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0006215.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007215.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007241.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007242.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007243.dll Object is locked skipped

C:\VundoFix Backups\mlljj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virusownloader.Win32.PopCap.b skipped

C:\WINDOWS\pfirewall.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\buigpxcg.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\ivkauoad.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\ysoibclu.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\WINDOWS\system32\ywprgeds.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\WINDOWS\Temp\ASHeuristic\mlljj.dll_bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\WINDOWS\Temp\ASHeuristic\TBONWnd_EXE.vir Infected: not-a-virus:AdWare.Win32.BetterInternet.bf skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

HJ FILE
Logfile of HijackThis v1.99.1
Scan saved at 12:20:14 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\spider.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe


KASPERSKY ONLINE SCANNER REPORT
Saturday, November 04, 2006 12:18:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/11/2006
Kaspersky Anti-Virus database records: 238293


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 188298
Number of viruses found 26
Number of infected objects 164 / 0
Number of suspicious objects 3
Duration of the scan process 03:50:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\DSS\MachineKeys\9d4b0d651fccd7149f78f15e84eaaafb_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec8dde651f5ad85dd1f76f731c36b524_ac6192cf-345b-4437-9f05-cd14f018195a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Altnet4.zip/asmend.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Altnet4.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\sp352452548[2].htm Suspicious: Trojan-Downloader.JS.gen skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[5].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[6].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[5].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[6].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[7].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[8].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\betty_boop.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped

C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\betty_boop.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Vann\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\History\History.IE5\MSHist012006110420061105\index.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vann\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Vann\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Full Tilt Poker\vann1234.dat Object is locked skipped

C:\Program Files\TBONBin\tbon.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\Program Files\TBONBin\TBONWnd.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bf skipped

C:\Program Files\TBONBin\Uninstall.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\Program Files\VSAdd-in\VSAdd-in.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc101.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc102.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc103.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc104.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc105.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc106.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc107.wmv Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc109.html Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc110.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc111.mbf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc112.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc113.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc114 Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc116.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc117.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc118.ppt Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc119.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc120.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc121.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc122.xlr Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc123\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc123\ZbThumbnail.info Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc124.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc125.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc126.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc127.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc128.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc129.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc130.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc131.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc132.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc133.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc134.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc135.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc136.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc137.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc138.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc139.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc140.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc141.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc142.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc143.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc144.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc145.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc146.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc147.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc148.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc149.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc150.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc151.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc152.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc153.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc154.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc155.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc156.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc157.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc158.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc159.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc160.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc161.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc162.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc163.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc164.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc165.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc166.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc167.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc168.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc169.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc170.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc171.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc172.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc173.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc174.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc175.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc176.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc177.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc178.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc179.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc180.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc181.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc182.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc183.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc184.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc185.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc186.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc187.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc188.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc189.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc190.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc191.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc192.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc193.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc194.url Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc195.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc196.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc197.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc198.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc199.txt Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc2.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc200.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc201.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc202.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc203.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc204.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc205.wpl Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc206.nra Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\AlbumArtSmall.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Folder.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\My Music\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\~$debppic.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc207\~$laexash.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc208.trace Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc260\receive\0234.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc260\receive\Image001.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc261.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc262.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc263.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc264.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc265.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc266.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc267.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc268.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc269.htm Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc270.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc271.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc272.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc274.wav Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc276.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc277.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\carlos collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210046.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210047.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210048.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210049.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210050.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210051.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210052.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210053.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210054.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210055.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210056.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210057.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210058.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210059.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210060.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210061.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210062.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210063.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210064.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210065.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210066.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210067.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210069.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210070.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210071.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210072.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210073.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210074.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210075.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210079.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210080.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210081.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210082.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210083.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210096.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210098.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210099.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210100.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210101.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210102.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210103.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210104.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210105.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210106.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210107.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210108.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210109.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210110.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210111.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210112.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210113.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210115.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210116.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\P7210117.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc279\stefania collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\orange and black.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\orangeandblack.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\test flyer.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\testflyer2.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\uncle vann collage.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc286\uncle vann collage2.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc287.html Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc288.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc289.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc290.mbf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc291.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc292\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc294.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc295.bcp Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\receive\bluskin.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\receive\blustud.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc3\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc76.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc77.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc78.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc79.mny Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc80.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\STUDZ.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\STUDZ5.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc81\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc82.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc83.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc84.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc85.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc86.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc87.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc88.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc89.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc90.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc91.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc92.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc93.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc94.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc95.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc96.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc97.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc98.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc99.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc107.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc108 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc109 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc110.psf Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc111.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc112.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc17.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc23.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc24.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc25.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc26.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc31.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc32.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc34.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc61.mp3 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc64.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc65.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc66.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc67.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc68.dat Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc73.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc74.exe Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc75.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc76.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc78.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc79.wav Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc85\Thumbs.db Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc86.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc90.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc91.sav Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc94.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc95.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc96.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc97.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc98.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1006\Dc99.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc163.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc164.cl5 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc175.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc176.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc177.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc183.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc204.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\01 Track 1.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\02 Track 2.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\03 Track 3.wma Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc211\Desktop.ini Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\(Can We) M.A.K.E. L.U.V. - Profyle.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\8 Ball (Remix) -NWA.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\A Dream-DeBarge.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\cathy test.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Foe Life - Mack 10.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\junk recording.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\more junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Scream and Shout - Melvin Riley + Jamie Foxx.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\Seperated - Avant.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\She Wasn't Last Night - Jesse Powell.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\test junk.wav.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\All Users\Documents\My Music\__INCOMPLETE___Prince - 7ce611dee0956a78f49773f6f04e2be23004b3dd100800000ac4400000134.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\26.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\26.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\03.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\03.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\06.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Cat's Birthday Mix 2001\06.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Uncle Vann's BirthDay Mix 2001\01.mp3.ipk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc212\Documents and Settings\Vannessa\Desktop\Completed CD's\TFPT - Howie T\Uncle Vann's BirthDay Mix 2001\01.mp3.isk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc233.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc238.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc239.bmp Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc289.mp3 Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc291.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc297.lnk Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc298.bmp Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc313.jpeg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc315.exe Inno: infected - 3 skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc316.JPG Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc83.url Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1007\Dc99.WAV Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc14.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc15.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc16.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc17.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc18.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc19.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc20.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc21.BMP Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc7.doc Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc8.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-963639892-2690133624-1694720459-1008\Dc9.jpg Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0007250.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008249.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008260.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0008270.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP10\A0009271.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0009315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0010315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP11\A0011315.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP12\A0011375.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP14\A0011418.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP14\A0012422.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0013424.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0013436.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0015442.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0016452.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP16\A0016464.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP17\A0017463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP17\A0018463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP18\A0019466.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP18\A0020463.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP19\A0020481.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP2\A0000004.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP2\A0000025.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP20\A0020520.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP21\A0020523.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP21\A0020550.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP22\A0021550.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP22\A0021575.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP24\A0021633.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP25\A0021662.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021692.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021693.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP27\A0021694.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0021723.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022609.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022610.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022611.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022612.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022613.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022615.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022616.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022617.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022618.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022620.dll Infected: not-a-virus:AdWare.Win32.404Search.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP28\A0022624.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0022712.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0022721.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0023851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP32\A0023852.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe/Stream/data0001 Infected: Trojan-Downloader.Win32.Agent.aqh skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe/Stream Infected: Trojan-Downloader.Win32.Agent.aqh skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024070.exe Inno: infected - 2 skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP34\A0024118.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024203.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024204.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024205.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024206.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024207.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024208.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024209.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024210.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024211.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024212.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024213.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024214.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024215.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024216.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024217.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024218.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024219.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024220.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024221.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024222.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024223.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024225.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024226.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024228.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024229.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024230.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024231.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024232.exe Infected: not-a-virusownloader.Win32.WinFixer.r skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024239.dll Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024245.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP35\A0024246.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP4\A0000090.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP4\A0001090.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024553.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024677.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024683.dll Infected: not-a-virus:AdWare.Win32.MySearch.e skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024693.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP41\A0024710.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP42\A0024735.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024758.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024769.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP44\A0024781.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP46\A0024804.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP47\A0024849.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP48\A0024873.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP5\A0001127.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP50\A0024907.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP51\A0024941.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027023.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP53\A0027070.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP54\change.log Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0001147.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0001179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP6\A0002179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP7\A0004179.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005196.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005203.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0005214.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0006215.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007215.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007241.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007242.dll Object is locked skipped

C:\System Volume Information\_restore{C36719A3-5166-4EBF-8055-1EFF3E82AC25}\RP9\A0007243.dll Object is locked skipped

C:\VundoFix Backups\mlljj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virusownloader.Win32.PopCap.b skipped

C:\WINDOWS\pfirewall.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\buigpxcg.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\ivkauoad.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\ysoibclu.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\WINDOWS\system32\ywprgeds.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped

C:\WINDOWS\Temp\ASHeuristic\mlljj.dll_bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.av skipped

C:\WINDOWS\Temp\ASHeuristic\TBONWnd_EXE.vir Infected: not-a-virus:AdWare.Win32.BetterInternet.bf skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

Go here to download the trial version of AVG Anti-spyware.
Go here to download CCleaner.

Install CCleaner and open it.
Click Options > Advance > uncheck "Onlny delete files in Windows Temp folder older than 48 hours".
Close CCleaner.

Install and open AVGAS.
Click "Update" then click "Start update".
After updating, close AVGAS.

Turn off System Restore.
Right-click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply then OK.

[bold]Note[/bold]: Print or copy these instructions to Notepad and asave them. You will be in safe mode and can't access the internet.

Restart in safe mode.

Open AVGAS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report" and save it to the desktop.

Show hidden files and folders.
Control Panel > Folder Options > View tab > check "Show hidden files and folders".

Delete everything [bold]in[/bold] these folders:
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\[bold]Content.IE5[/bold]
C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\[bold]Content.IE5[/bold]
C:\[bold]VundoFix Backups[/bold]

Delete these files and folders(if there):
C:\Documents and Settings\MISS CAT\My Documents\Cathy\My Documents\[bold]betty_boop.exe[/bold] <--file
C:\Program Files\[bold]TBONBin[/bold] <--folder
C:\Program Files\[bold]VSAdd-in[/bold] <--folder
C:\WINDOWS\System32\[bold]buigpxcg.exe[/bold] <--file
C:\WINDOWS\system32\[bold]ivkauoad.exe[/bold] <--file
C:\WINDOWS\system32\[bold]ysoibclu.exe[/bold] <--file
C:\WINDOWS\system32\[bold]ywprgeds.exe[/bold] <--file
Please tell me if the files are not there or access is denied when deleting.

Close all windows.
Open CCleaner click Run cleaner.

Restart in normal mode.
Post back with the AVGAS report and a new HijackThis log.

Also, how are things? Any more problems?

 

Besides, this freaking PC driving me nuts, all is well - thank you kindly for asking. I don't know what computer-challenged folks like me would do without guys/gals like you. Thanks again for all your help.Once I get all the junk off, I'd like to add some memory. I've had my PC for about 4 years, but it's a Dell and is pretty good despite these few hiccups.

By the way, I ran the CCleaner as you instructed, but I mistakenly closed the window before I could save the report. Of course I ran it again, and everything was gone. So here's what's left.

These items where not there, the rest I deleted. I actually deleted the entire Guest-Vann folder, because it was all junk.

C:\Documents and Settings\Vann\Local Settings\Temporary Internet Files\Content.IE5
C:\Program Files\TBONBin <--folder
C:\WINDOWS\system32\ysoibclu.exe <--file
C:\WINDOWS\system32\ywprgeds.exe <--file

Logfile of HijackThis v1.99.1
Scan saved at 1:57:42 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe

 

Fix this with HijackThis.
[bold]O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab [/bold]

Delete this file:
C:\WINDOWS\Downloaded Program Files\[bold]popcaploader.dll[/bold]

Open HijackThis.
Click "Open the Misc Tools section".
Click on "Open uninstall manager".
Click "Save list". Notepad will open with the list.
It will be saved in the HijackThis folder.

Please post the AVGAS report(if you saved it) along with the uninstall lost.

 

This file wasn't there after I deleted the entry from HJT.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Acoustica MP3 Audio Mixer
Adobe Photoshop 5.5
Audacity 1.2.3
AVG Anti-Spyware 7.5
AVG Free Edition
Bayden PopupPopper (remove only)
BookWorm Deluxe 1.01
CCleaner (remove only)
Full Tilt Poker
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
Law and Order Criminal Intent Vengeful Heart (remove only)
Lexmark Software Uninstall
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Web Components
Microsoft Visio Professional 2002 [English]
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSN
MSN Encarta Plus Support Files
MySpaceIM
OLYMPUS CAMEDIA Master 2.0
Panda ActiveScan
Scrabble
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 1.2
Spybot - Search & Destroy 1.4
StatKing 2.7
Ultimate Bid Whist
UltimateBet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Verizon Online Support Center
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:31:31 PM 11/5/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : No action taken.
C:\Program Files\TBONBin -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : No action taken.
HKLM\SOFTWARE\Preview AdService -> Adware.BlazeFind : No action taken.
C:\WINDOWS\system32\ysoibclu.exe -> Adware.Searchcolor : No action taken.
C:\WINDOWS\system32\ywprgeds.exe -> Adware.Searchcolor : No action taken.
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
C:\VundoFix Backups\mlljj.dll.bad -> Adware.Virtumonde : No action taken.
C:\WINDOWS\Temp\ASHeuristic\mlljj.dll_bad.vir -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\1W4NTDCH\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\2FWPYDOR\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\G9AFKPIF\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\SX6ZCXYR\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\Guest.VANN-UACVNF5I7P\Local Settings\Temporary Internet Files\Content.IE5\WXAJGPU7\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@projectorpeople.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc30.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc27.txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@bannerfarm.ace.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc11.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc40.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc44.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ads.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc49.txt -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc51.txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@clickbank[2].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@cliks[2].txt -> TrackingCookie.Cliks : No action taken.
C:\Documents and Settings\MISS CAT\My Documents\Cathy\Cookies\cathy@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc54.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@e-2dj6wjk4khdpklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@e-2dj6wjnyekdpelo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@www.etracker[2].txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc36.txt -> TrackingCookie.Falkag : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc43.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc58.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ehg-electricbusiness.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@phg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc56.txt -> TrackingCookie.Hitbox : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc60.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@counter.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc12.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc63.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@data4.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc39.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc6.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc55.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc13.txt -> TrackingCookie.Serving-sys : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc47.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc17.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc18.txt -> TrackingCookie.Valueclick : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc25.txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@c5.zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\RECYCLER\S-1-5-21-1085031214-162531612-839522115-500\Dc28.txt -> TrackingCookie.Zedo : No action taken.


::Report end

 

You have to run AVGAS again. You didn't set the items found to quarantine.

Set the options to automatically set all items found to quarantine so you don't have to set them manually.

Open AVGAS.
Click Scanner, then click the Settings tab.
Under "How to act?" click and select "Quarantine".
Then, run AVGAS in safe mode again.
Remember to click "Apply all actions".
Then click "Save report" and please post it.

Good news is, looks like AVGAS is going to delete all the infections so things should be okay after that.

Restart in normal mode and turn System Restore back on.

Update Java.
Go here and download [bold]Java Runtime Environment 5.0 Update 9[/bold].
Uninstall all previous version and updates of JRE via [bold]Add/Remove Programs[/bold].
Restart and install [bold]Update 9[/bold].

Any more problems or symptoms?

 

First, thank you sooooo much for helping me with this - you're awesome. Here's the latest report and I noticed that there was no action taken against Trojan.BHO.g. Did I miss something?

Also, there's one other minor problem not related to the bugs. I get an installer window whenever I remove a program or search for a file. It says: " please wait while Windows configures Microsoft Premium 2000." I have to hit cancel several times before it finally engages the search or remove program task. It's not a major issue, but annoying all all the same. Your thoughts?


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:26:32 PM 11/8/2006

+ Scan result:



C:\Documents and Settings\MISS CAT\Cookies\miss_cat@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vann\Cookies\vann@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ehg-electricbusiness.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ehg-realtytrac.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@counter.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\MISS CAT\Cookies\miss_cat@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\HJT\backups\backup-20061104-075819-412.dll -> Trojan.BHO.g : No action taken.
C:\WINDOWS\system32\fshhivmp.dll -> Trojan.BHO.g : No action taken.


::Report end

 

I know we set AVGAS' settings to automatically set items to quarantine, but sometimes it won't. Each time you run AVGAS you need to scroll through all the entries and set them to either delete or quarantine. (cookies can only be deleted) After you set the entires you have to click "Apply all Actions" or AVGAS will not do anything to the found entries. Don't worry though, you don't have to run it again. You can manually delete the BHO it found.

Close IE then delete this file:
C:\WINDOWS\system32\[bold]fshhivmp.dll[/bold]

CCleaner will take care of the cookies. Run it often.

About your problems with removing programs and searching files:
I'm not sure what that's about or how to fix it, but you could try re-installing Microsoft Office.

Should be clean now, but please post one last HjT log. I would like to look over it to make sure nothing has came back.

 

I went to manually delete that BHO file, and it wasn't there. Weird, but it's gone. Here's the latest HJT file.

Logfile of HijackThis v1.99.1
Scan saved at 2:14:24 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe

 

I went to manually delete that BHO file, and it wasn't there. Weird, but it's gone. Here's the latest HJT file.

Logfile of HijackThis v1.99.1
Scan saved at 2:14:24 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137009079765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://sister.viewnetcam.com:9005/bl_camera.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe

 

It may be hidden. Did you show hidden files and folders?

If not, show hidden files and folders.
Start > Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Click Apply, then OK.

Then find and delete the file. If access is denied delete it in safe mode. If it's not there, don't worry, AVGAS may have removed it.

Your HjT log still looking good. Nothing returned.

One last thing. I don't see a firewall running. A firewall is [bold]very[/bold] important! You may use the Windows firewall, but that's not enough protection. Do you have one?

 

Yes, the display hidden folders option is still checked and still no signs of that file. I'll run another scan in safe mode later on to make sure it's gone.

Unfortunately, I'm only running my Windows firewall - always thought it was good enough. Since you mentioned it, I'm sure you have a recommendation for something more secure.