Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Purityscan.am Adware


  • Please log in to reply
14 replies to this topic

#1 diyahnih

diyahnih

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 15 September 2006 - 08:59 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:35:20 AM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SoftForYou\iRejectTrash\irt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthisfolder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=A&UT=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = diyahnih's browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8100;gopher=127.0.0.1:8100;http=localhost:4128;https=127.0.0.1:8100;socks=127.0.0.1:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F3 - REG:win.ini: load= HPLJSW.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Sandboxie - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - C:\Program Files\Sandboxie\SandboxieToolbar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Sandboxie - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - C:\Program Files\Sandboxie\SandboxieToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iRT] "C:\Program Files\SoftForYou\iRejectTrash\irt.exe" -h
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [Uniblue Quick Access] "C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe" /startup
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra button: Sandboxie Toolbar - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\Program Files\Sandboxie\SandboxieToolbar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Sandboxie - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\Program Files\Sandboxie\SandboxieToolbar.dll (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

BC AdBot (Login to Remove)

 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 15 September 2006 - 02:31 PM

Hi diyahnih, :thumbsup:

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience. :flowers:

#3 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 16 September 2006 - 10:38 AM

HI diyahnih,

Welcome to BleepingComputer Forums and thanks again for your patience.

1. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

You may re-enable it again when your computer is clean; I will let you know!

2. Run HijackThis, click Scan and checkmark the following entries:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


If you installed these Poker programs and wish to use them then its fine to ignore. If you didn't install them intentionally then the entries can be fixed using HijackThis, that is checkmark them. These are optional fixes because in some cases, the programs are supported by malware and get installed without consent.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. If you decided to fix partypoker: Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folder in bold if listed:

C:\Program Files\PartyGaming\PartyPoker

4. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

5. Perform an onlinescan with Panda: Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together a fresh HijackThis log

#4 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 17 September 2006 - 12:02 PM

Falu,
i am following the things you said to do. will post hjt log when through.

diyahnih

#5 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 17 September 2006 - 05:37 PM

Incident Status Location

Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8.inf
Adware:Adware Program Not disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Adware:adware/dealhelper Not disinfected C:\WINDOWS\dsearch1.bin
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\biB.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Virus:Trj/Keyhost.A Disinfected C:\WINDOWS\inf\host.inf
Virus:Trj/Downloader.L Disinfected C:\WINDOWS\inf\susp.inf
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:Adware/Beginto Not disinfected C:\WINDOWS\system32\desktrf.exe[winbbb.dat]
Adware:Adware/SaveNow Not disinfected C:\WINDOWS\system32\fullsrbndl.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\system32\InstallerV2.exe[ExtractDLL.dll]
Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\system32\Xcite.dll
Spyware:spyware/adclicker Not disinfected C:\WINDOWS\usta33.ini

--------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:28:56 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SoftForYou\iRejectTrash\irt.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sandboxie\Control.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthisfolder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=A&UT=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = diyahnih's browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F3 - REG:win.ini: load= HPLJSW.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Sandboxie - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - C:\Program Files\Sandboxie\SandboxieToolbar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Sandboxie - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - C:\Program Files\Sandboxie\SandboxieToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iRT] "C:\Program Files\SoftForYou\iRejectTrash\irt.exe" -h
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra button: Sandboxie Toolbar - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\Program Files\Sandboxie\SandboxieToolbar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Sandboxie - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\Program Files\Sandboxie\SandboxieToolbar.dll (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{61D73AEC-1DA4-46C0-95FC-718EB8C8C22D}: NameServer = 64.136.20.121 64.136.28.121
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

diyahnih

#6 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 18 September 2006 - 03:23 PM

Hi diyahnih, :thumbsup:

Did you really fix the entries with HijackThis as instructed?

1. Disable Windows Defender again.

2. Download KillBox from here:

KillBox

Unzip the folder to your desktop: right click and choose Extract all. Do not run it yet.

3. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

4. Run HijackThis, click Scan and checkmark the following entries:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


If you agreed checkmark these two as well:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

5. Using Windows Explorer, please delete the following folder in bold if listed:

C:\Program Files\PartyGaming\PartyPoker<< If you agreed!

6. Run Killbox:

* Start Killbox.exe
* Select the Delete on Reboot option.
* Click on the All Files button.
* Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8.inf
C:\WINDOWS\Downloaded Program Files\WildApp.inf
C:\WINDOWS\dsearch1.bin
C:\WINDOWS\inf\biB.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\kwv2.dat
C:\WINDOWS\system32\desktrf.exe
C:\WINDOWS\system32\fullsrbndl.exe
C:\WINDOWS\system32\InstallerV2.exe
C:\WINDOWS\system32\Xcite.dll
C:\WINDOWS\usta33.ini


* Go to the File menu of Killbox, and choose Paste from Clipboard.
NOTE: You must use the file File menu--pasting by right-clicking the mouse will only enter one file.
* Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

7. Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky report together with a fresh HijackThis log for review.

#7 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 20 September 2006 - 01:34 AM

Falu,
i am really having problems with IE6 & firefox loading to go on the internet. Had to uninstall & reinstall firefox (deleted firefox folder also). have found lots of adware, trojans--downloaded SpySweeper to help clean computer. i have deleted party poker entries using HiJack this. computer seems to be freezing up alot. IE6 takes about 4 minutes to load for internet use--won't come up. Will try Killbox also. and Kaspersky scan.


diyahnih

#8 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 21 September 2006 - 11:41 AM

Falu,

Logfile of HijackThis v1.99.1
Scan saved at 12:17:23 PM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SoftForYou\iRejectTrash\irt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\hijackthisfolder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=A&UT=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = diyahnih's browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8100;gopher=127.0.0.1:8100;http=localhost:4128;https=127.0.0.1:8100;socks=127.0.0.1:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F3 - REG:win.ini: load= HPLJSW.EXE
O1 - Hosts: Copyright © 1991-1999 Microsoft Corp.
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: (no name) - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iRT] "C:\Program Files\SoftForYou\iRejectTrash\irt.exe" -h
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#9 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 21 September 2006 - 11:49 AM

Falu,

Here is the Kaspersky scan--could not include all of report---exceeds space limits.

KASPERSKY ONLINE SCANNER REPORT
Thursday, September 21, 2006 7:28:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/09/2006
Kaspersky Anti-Virus database records: 212119


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 56881
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 00:59:02

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ad26fd5daae302cda25d074a0dc1444_92e7893c-e217-4903-90ea-e06d95a692cb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b86dc31208d00188c1c9b441a7f8f8c_92e7893c-e217-4903-90ea-e06d95a692cb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_92e7893c-e217-4903-90ea-e06d95a692cb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-06072006-123247.log Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\CreatePDFWinColor.ico Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\CreatePDFWinGray.ico Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\SearchPDFWinColor.ico Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\SearchPDFWinGray.ico Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\WHAppList.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\Resources\CurrentSettings.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\secmod.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\urlcache\aim3.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\urlcache\urlcache.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\amibabe877\userinfo.bag Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D2026C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D20472 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D205A1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D214A9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D21883 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D2188D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D21C52 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D22471 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D233DE Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D23AF5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D242C9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D25DF6 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D25F65 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D25FE1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D263D4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D263F1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D2683E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D273D5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D2786A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D28365 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D2836C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D28378 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D29F0B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D29F14 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201D2A56D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E0115F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E02934 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E02938 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E031D5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E058A9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E0592D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E0592F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E06485 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E068C0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E06933 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E06934 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E06C30 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E07674 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E077C3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E07826 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\0201E07BBF Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\2B000004A2 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\2B0000058F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\0\2B00001D62 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2026C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D20472 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D205A1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D214A9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D21883 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2188D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D21C52 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D21D5A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D22471 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D23AF5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D242C9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D25DF6 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D25F65 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D25F66 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D25FE1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D263C0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D263D4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D263F1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2673B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2683E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D273D5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2786A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D28365 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2836C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D28378 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D29587 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D29C8E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D29F0B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D29F14 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201D2A56D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E0115F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E02934 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E02938 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E031D5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E0583D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E058A9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E0592D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E0592F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E06485 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E068C0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E068E2 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E06933 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E06934 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E06C30 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E06C53 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E06F18 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E07674 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E07765 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E077C3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E07826 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0201E07BBF Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\09B5AE041D906F1C68D6C9ECEAAD1598 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\0C8B8999FD1039558148D8637CE8C883 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\19CED31C4CF0528A1F66C20EC8BB3E22 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\1C260F6474BBF94FE4A987713718E332 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\1F4E70D397B87D4162FE4FB0DFF3EC44 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\283A676897A0EF7E3C5A252A6460313D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\28B3148A89941804B4AE87E0815F1387 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\2B000004A2 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\2B0000058F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\2B00001957 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\2B00001BB8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\2B00001D62 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\30CD469F3221BE1866824AC8C76570DF Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\32D392F77E7E9CAD84766C2EB5BC5D1F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\33BF1A6B858732090728FF1147D0B229 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\3A5631D9C9F0DD34213488EC875C0CCC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\436F5B1A1123C376B1B947F91C6F62FC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\47C66FB078547B35FA4573BFC1A922BC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\4DEE65FF9EA5D4A4FC05436D92B299AB Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\55038193D6665097CC67999C7F956784 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\569601FD5D62ECD4D32CCDEF4929BFE5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\647E8D37BDF403E8A00F3413D24E1A6F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\64AFE331BA0B58873A05F64CCE5731EE Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\68A9818770C6E69148848288CD46E8F0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\6C21CA4CBC0781FC9AA1B125D1E26BB5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\73111FB3FEFDCA058FD2CA73A3BCF3DD Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\7A24EF55C8D8E0C1C22B7C5845A7EDB9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\7CA06717824F3D7365BF47B7527F5FA3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\8A40304E2F6A0676EF26DEDD73A93057 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\94666399673A9BEC107BBF0F629EDE4F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\977EE761B7D06C48A81C5ED4417D0668 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\9FE1FD0476D12A093B66A36A5C205FF7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\A2EB5613767B6A5C4073332ECFB61147 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\A34F71B33825CF647DF190017FA20DDC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\B238D3B133C73A760A8B16DBDB4DF248 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\B45A0B95F997826B02A0989AA4DD4B21 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\BDF7AFAB1261AD95CB6171ABE93459D3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\C5E60A456FEDB2FF7727EAA949036E8A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\CC7197A1B757B986E50D1C6C1E9B65A5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\CF5E7F6A42B10B566F1B7490100F9325 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\D08B8CCD0EA10D2525ACDCF50730FD22 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\D35B3CC09F42BA53AAB8EDB85E9AA4BA Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\D41D8CD98F00B204E9800998ECF8427E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\D5B55DB4FE571110B1596DB7B59AFD5C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\D9DE23775A61287B120492108E52D257 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\DF7BB1A0E85F07B9FF7424F1305F46E5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\E035A2A652F524B0B4AFC82F618B8654 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\E322D3C070B7689965F88BDC59B4BA94 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\E382FB11CCA7C2BF366B6517079055EB Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\E9F040EF0B206AD5A6A63625B77A26AD Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\F069E47CCFA067702A5BE62102103EC3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\F64973BC406558E5AD743507F6D580BC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\FA1AC8E86C18E6265F0CE5C11FD9A970 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\FAF7EC59F4829637CECB589B344AEBED Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1\FB70736857EE62A59CD222B8E2D002FC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1024\0201D2956B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1024\0201E05FD0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\1024\2B00000259 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D20DF5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D20F6A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D20F80 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D20F82 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D210D1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D2152D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D215EC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D215F1 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D21641 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D21655 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D225D7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D22A34 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D22A9A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D24F8E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D2525B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D264D4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D268C8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D26D68 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D27312 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D273B3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D27400 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D278A7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D283DA Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D283EA Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D2901E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D2901F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D292F9 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D29888 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D29BF2 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D2A0F3 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201D2A547 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E00F92 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E00FD4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E0182E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E02946 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E02948 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E05608 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E058DB Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E06C67 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E06F60 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E075BE Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\0201E075C5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\2B0000131D Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\2B00001465 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\2B00001BC7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\129\2B00001D99 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\130\2B00001E6A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D20733 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D21A38 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D21DA5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D21E86 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D23EF7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D23F1A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D24016 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D29154 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D2915F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D29160 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D291F0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D29BFC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D2A679 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201D2A6BA Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201E05563 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201E05571 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201E05584 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201E06AE4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201E06FC8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\0201E075DE Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\131\05696D73656E64 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D20DB4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D21A38 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D21C91 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D21DA5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D21E86 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D23565 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D23EF7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D23F1A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2539B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D25DB8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D25F17 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2915F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D29160 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D29168 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2917B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D291A6 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D291D0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D291F0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D29BFC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D29C7F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2A669 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2A679 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2A6B7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2A6BA Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201D2A6CD Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201E0112A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201E05584 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201E06AE4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201E06FC8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201E076F8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0201E07B2C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\05696D73656E64 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\0574616C6B626567 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\2B00000719 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\3\2B00000E7A Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\206261627970616E6461 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\206261736B657462616C6C32 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\2062756773 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\206D6D726564 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\206D75736963 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\206E666C646F6C7068696E73 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\20736E6F7762616C6C Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\20736E6F77666C616B65 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\2B0000171E Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\2B00001DDB Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\5\C4F199E4A5ED7D001E2678BD35D9645B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D20DB4 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D21A38 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D21DA5 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D23EF7 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D2539B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D25F17 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D2915F Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D2917B Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D291F0 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D29BFC Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D2A679 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D2A6BA Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201D2A6CD Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201E05584 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\0201E06FC8 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\bartcache\96\05696D73656E64 Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\Resources\CurrentSettings.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\secmod.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\urlcache\aim3.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\urlcache\cookie.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\urlcache\urlcache.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennsBaby4Life\userinfo.bag Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\addrbook.abk Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\info.htm Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\Resources\CurrentSettings.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\secmod.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim22.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim24.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim30.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim33.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim34.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim3F.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim42.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim43.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim45.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim46.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim47.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\aim5F.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\cookie.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\urlcache\urlcache.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\GlennslilBaby\userinfo.bag Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\Resources\CurrentSettings.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\secmod.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\urlcache\aim46.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\urlcache\aim6E.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\urlcache\cookie.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\urlcache\urlcache.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\goku3426\userinfo.bag Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\info.htm Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\Resources\CurrentSettings.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\secmod.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim1F0.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim1FD.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim38.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim3E.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim63.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim67.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim68.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim69.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim79.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim7C.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim8E.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim94.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aim9F.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\aimBB.tmp Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\cookie.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\urlcache\urlcache.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\Loved4Life011\userinfo.bag Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\PlayBoyBunny2384\addrbook.abk Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\PlayBoyBunny2384\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\PlayBoyBunny2384\info.htm Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\PlayBoyBunny2384\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\PlayBoyBunny2384\Resources\CurrentSettings.xml Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\nyjmtjgo\PlayBoyBunny2384\secmod.db Object is locked skipped


#10 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 21 September 2006 - 11:51 AM

Falu,
how do you unlock these files? Is there any utilitie besides "Unlocker Assistant" ?


diyahnih

#11 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 22 September 2006 - 09:09 AM

Hi diyahnih, :thumbsup:

To start with your question relating to the Kaspersky report:

how do you unlock these files?


You shouldn't unlock those files since 'Object locked and skipped' means the file is in-use by Windows such as certain logs, system restore areas, etc., and can't be released for the antivirus to scan it.
Most antivirus scanners will list what couldn't be scanned due to it/them being locked, and others simply give a numbered count. All Windows OSes will have locked in-use files.

The report shows that Kaspersky came out very clean.

1. Disable Windows Defender again and SpySweeper and Winpatrol.

> You have the instructions for Windows Defender.

> To disable SpySweeper:

Open it, click > Options over to the left then > Program Options > Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

> To disable Winpatrol:

1. Right Click the 'Scotty Dog' icon in the system tray
2. Click Always Run Winpatrol

2. Run HijackThis, click Scan and checkmark the following entries:

O1 - Hosts: Copyright 1991-1999 Microsoft Corp.
O3 - Toolbar: (no name) - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - (no file)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

Post a fresh HijackThis log for review and let me know how things are running now.

#12 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 25 September 2006 - 11:03 PM

Falu,
Here is the HJT log--sorry it took a couple of days.


Logfile of HijackThis v1.99.1
Scan saved at 8:19:57 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SoftForYou\iRejectTrash\irt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\hijackthisfolder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=A&UT=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = diyahnih's browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8100;gopher=127.0.0.1:8100;http=localhost:4128;https=127.0.0.1:8100;socks=127.0.0.1:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F3 - REG:win.ini: load= HPLJSW.EXE
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iRT] "C:\Program Files\SoftForYou\iRejectTrash\irt.exe" -h
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "C:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



diyahnih

#13 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 26 September 2006 - 11:13 AM

Hi diyahnih, :thumbsup:

This log looks very clean as well! Nevertheless still some things to do before you're ready to go.

1. Remove previous restore points and set a new one to purge any malware that may have been backed up:

Click Start>Help and Support>Undo changes to your computer with System Restore
Click Create A Restore Point then click Next. Give it a name it and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

This will remove all previous restore points except the newly created one.

2. In order to prevent future infections follow these recommendations:

a. Visit Windows Update on a regular basis to stay current with critical updates.

b. Install and run the following free programs:

* Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here!

* Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found
here! Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

* SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here!

* SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here!

* IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Keep all these programs (including your anti-virus) up-to-date and run them regularly.
If you do not update regularly they will not be able to catch any of the new variants that may come out.

c. I recommend you to read Tony Klein's excellent article: So how did I get infected in the first place?

d. If you want to fight back the Malware Writers, please take a look here!

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BleepingComputer Forums, we also help people with other computer problems! Do not forget to tell your friends about us!

Good luck! :flowers:

#14 diyahnih

diyahnih
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:02:05 PM

Posted 27 September 2006 - 04:04 PM

Falu,

Thanks so much for your help in cleaning my computer, and the information you included about the software + the help sites.
I really appreciate it. :thumbsup:

again thank-you
diyahnih :flowers:

#15 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 27 September 2006 - 05:19 PM

Hi diyahnih, :thumbsup:

You're very welcome. Like I said: glad I could help. :flowers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users