Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Police Pro


  • This topic is locked This topic is locked
3 replies to this topic

#1 tuneintonyo

tuneintonyo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 06 October 2009 - 08:01 PM

Had originally posted in Do I have a Virus Forum...
Nothing working. Police Pro had been found and I followed directions to remove. Now, still no icons, no desktop, no start menu, no explorer. When running malwarebytes or any other scan they shut off at the very end after scanning. Malware bytes no produces no findings and completes.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Theresa Chamberlain at 17:31:27.68 on Tue 10/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.92 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Theresa Chamberlain\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=xls
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Cpqset] c:\progra~1\hpq\default settings\cpqset.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search - ?p=ZUxdm265LWUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli kujonage.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-6 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-25 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-6 348824]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-6 1097096]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S1 SABKUTIL;SABKUTIL;\??\f:\sabkutil.sys --> f:\SABKUTIL.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\theres~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\theres~1\locals~1\temp\cpuz_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2009-10-06 15:15 166 a------- c:\windows\system32\Compress.res
2009-10-06 15:14 230 a------- c:\windows\reimage.ini
2009-10-06 15:14 <DIR> --d----- C:\rei
2009-10-06 15:14 <DIR> --d----- c:\program files\Reimage
2009-10-06 13:48 <DIR> --d----- c:\program files\Trend Micro
2009-10-06 13:13 <DIR> --ds---- C:\ComboFix
2009-10-06 13:13 389,120 a------- c:\windows\system32\CF16204.exe
2009-10-06 12:55 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-10-06 12:49 <DIR> --d----- c:\windows\ERUNT
2009-10-06 12:48 <DIR> --d----- C:\SDFix
2009-10-06 10:40 229,888 a------- c:\windows\PEV.exe
2009-10-06 10:40 161,792 a------- c:\windows\SWREG.exe
2009-10-06 10:40 98,816 a------- c:\windows\sed.exe
2009-10-06 10:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-06 09:59 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-06 09:59 <DIR> --d----- c:\docume~1\theres~1\applic~1\SUPERAntiSpyware.com
2009-10-06 09:58 <DIR> --d----- c:\program files\SpyNoMore
2009-10-06 09:00 <DIR> --d----- c:\docume~1\theres~1\applic~1\Malwarebytes
2009-10-06 08:57 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-06 08:57 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-06 08:57 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-06 08:57 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-06 08:56 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-06 08:56 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-06 08:56 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-06 08:56 <DIR> --d----- c:\docume~1\theres~1\applic~1\PC Tools
2009-10-06 08:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-06 07:28 389,120 a------- c:\windows\system32\CF11007.exe
2009-10-06 07:11 1,152 a------- c:\windows\system32\windrv.sys
2009-10-05 22:22 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 22:22 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-05 22:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 22:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-05 17:39 1,724,894 a------- C:\RRT.exe
2009-10-04 09:39 16,216 a------- c:\windows\gilume.dat
2009-10-04 09:39 15,638 a------- c:\program files\common files\vaqyqo.dat
2009-10-04 09:39 15,544 a------- c:\windows\noxuro.com
2009-10-04 09:39 10,489 a------- c:\windows\zivynu._sy
2009-10-04 08:57 131,731 a------- c:\windows\system32\dbsinit.exe
2009-10-04 08:52 25 a------- c:\windows\system32\wwp.htm
2009-10-03 16:19 5,632 a------- C:\efbcmkj.exe
2009-09-17 04:53 1,380,403 a------- c:\windows\system32\avgsdk.dll
2009-09-08 17:20 153,088 -------- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-10-04 08:49 38,912 a--sh--- c:\windows\system32\rujamika.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 06:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-01-30 15:04 17,646 a------- c:\docume~1\theres~1\applic~1\wklnhst.dat

============= FINISH: 17:32:49.04 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 17:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAD5D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AA8000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF8AC5000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA64E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\occache\occache
Status: Locked to the Windows API!

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\addins\addins
Status: Locked to the Windows API!

Path: C:\WINDOWS\mui\mui
Status: Locked to the Windows API!

Path: C:\WINDOWS\Debug\UserMode\UserMode
Status: Locked to the Windows API!

Path: C:\WINDOWS\Options\Install\Install
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\ERRORREP
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\temp\temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (53).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (14).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (15).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (16).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (46).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (17).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (19).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (21).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (22).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (23).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (24).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (25).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (27).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (28).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (29).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (35).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (38).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (40).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (41).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (42).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (43).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (45).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (47).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (48).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (49).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (50).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (51).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (52).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (54).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (55).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (56).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (57).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (58).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (59).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (60).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (61).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (62).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (64).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (66).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (67).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (69).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (70).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (71).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (72).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (73).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (74).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (75).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (76).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (77).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (79).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (80).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (81).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (82).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (83).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (84).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (85).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (86).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (87).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (89).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (90).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (91).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (92).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (93).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (94).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (95).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (96).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (97).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (99).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (100).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (101).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (102).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (103).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (104).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (105).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (106).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (107).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (109).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (110).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (111).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (112).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (113).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (114).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (115).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (116).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (117).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (119).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (120).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (121).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (122).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (123).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (124).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (125).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (126).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (127).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (63).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (65).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (68).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (78).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (88).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (98).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (108).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (118).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (128).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (138).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (144).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (149).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2 (4).mov
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June (14).mov
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (129).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_June2006\Allstars_kayaking_bchpartyLizzy_SanClementecamping_Jun (130).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Theresa Chamberlain\My Documents\My Pictures\Allstars_kayaking_bchpartyLizzy_SanClementecamping_SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf831ed72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf82ff9a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf82ffb98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf831f568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf831f820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf831da80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf831fc8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf831f036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf82ff656

==EOF==

BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:54 AM

Posted 14 October 2009 - 12:31 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 tuneintonyo

tuneintonyo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 14 October 2009 - 10:40 AM

Re-installed windows. Could not figure out the issue.

Thanks,

TonyO

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:54 AM

Posted 14 October 2009 - 01:06 PM

Ok. Thanks for letting us know.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users