PDA

View Full Version : Virus threats on my computer (HJT log)



KatChick254
2008-01-08, 14:26
Hi :) I know that I just recently posted a thread asking for assistance in cleaning my mom's computer, but now I'd like to request help in cleaning up my own.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:02 AM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Ringo\Hub.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm471YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Program Files\Y!mLite\ymlite.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12252 bytes

KatChick254
2008-01-08, 15:01
I apologize, my Kaspersky log is too long to fit into one post, and since I already started this as a reply I'm afraid I'll have to begin with 3 posts. :sad:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 08, 2008 5:22:45 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/01/2008
Kaspersky Anti-Virus database records: 504096
Scan Statistics:
Total number of scanned objects: 80500
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 02:01:05
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Admin\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\000_0031.jpg_168_268435460 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\000_0032.jpg_169_268435462 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\000_0033.jpg_170_268435464 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\000_0034.jpg_171_268435466 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\000_0035.jpg_172_268435468 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0009.jpg_4_1342177282 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0010.jpg_5_1342177284 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0011.jpg_6_1342177286 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0012.jpg_7_1342177288 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0013.jpg_8_1342177290 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0014.jpg_9_1342177292 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0015.jpg_10_1342177294 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0016.jpg_11_1342177296 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0018.jpg_12_1342177298 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0019.jpg_13_1342177300 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0021.jpg_14_1342177302 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0022.jpg_15_1342177304 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0023.jpg_16_1342177306 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0024.jpg_17_1342177308 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0025.jpg_18_1342177310 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0026.jpg_19_1342177312 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0027.jpg_20_1342177314 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0028.jpg_21_1342177316 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0029.jpg_22_1342177318 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0030.jpg_23_1342177320 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0031.jpg_24_1342177322 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0032.jpg_25_1342177324 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0033.jpg_26_1342177326 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0034.jpg_27_1342177328 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0035.jpg_28_1342177330 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0036.jpg_29_1342177332 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0037.jpg_30_1342177334 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0038.jpg_31_1342177336 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0039.jpg_32_1342177338 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0040.jpg_33_1342177340 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0041.jpg_34_1342177342 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0042.jpg_35_1342177344 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0043.jpg_36_1342177346 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0045.jpg_37_1342177348 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0046.jpg_38_1342177350 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0047.jpg_39_1342177352 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0048.jpg_40_1342177354 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0049.jpg_41_1342177356 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0050.jpg_42_1342177358 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0051.jpg_43_1342177360 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0052.jpg_44_1342177362 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0053.jpg_45_1342177364 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0054.jpg_46_1342177366 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0055.jpg_47_1342177368 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0056.jpg_48_1342177370 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0057.jpg_49_1342177372 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0058.jpg_50_1342177374 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0059.jpg_51_1342177376 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0060.jpg_52_1342177378 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0061.jpg_53_1342177380 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0062.jpg_54_1342177382 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0064.jpg_55_1342177384 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0065.jpg_56_1342177386 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0066.jpg_57_1342177388 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0067.jpg_58_1342177390 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0068.jpg_59_1342177392 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0069.jpg_60_1342177394 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0070.jpg_61_1342177396 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0071.jpg_62_1342177398 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0072.jpg_63_1342177400 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0073.jpg_64_1342177402 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0074.jpg_65_1342177404 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0075.jpg_66_1342177406 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0076.jpg_67_1342177408 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0078.jpg_68_1342177410 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0079.jpg_69_1342177412 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0080.jpg_70_1342177414 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0081.jpg_71_1342177416 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0082.jpg_72_1342177418 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0083.jpg_73_1342177420 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0084.jpg_74_1342177422 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0086.jpg_75_1342177424 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0087.jpg_76_1342177426 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0088.jpg_77_1342177428 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0089.jpg_78_1342177430 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0090.jpg_79_1342177432 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0091.jpg_80_1342177434 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0092.jpg_81_1342177436 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0093.jpg_82_1342177438 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0094.jpg_83_1342177440 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0095.jpg_84_1342177442 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0096.jpg_85_1342177444 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0097.jpg_86_1342177446 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0098.jpg_87_1342177448 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0099.jpg_88_1342177450 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0100.jpg_89_1342177452 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0101.jpg_90_1342177454 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0102.jpg_91_1342177456 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0103.jpg_92_1342177458 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0105.jpg_93_1342177460 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0106.jpg_94_1342177462 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0107.jpg_95_1342177464 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0108.jpg_96_1342177466 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0109.jpg_97_1342177468 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0110.jpg_98_1342177470 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0111.jpg_99_1342177472 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0112.jpg_100_1342177474 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0114.jpg_101_1342177476 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0115.jpg_102_1342177478 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0116.jpg_103_1342177480 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0117.jpg_104_1342177482 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0118.jpg_105_1342177484 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0121.jpg_106_1342177486 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0122.jpg_107_1342177488 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0123.jpg_108_1342177490 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0124.jpg_109_1342177492 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0125.jpg_110_1342177494 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0127.jpg_111_1342177496 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0128.jpg_112_1342177498 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0129.jpg_113_1342177500 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0130.jpg_114_1342177502 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0131.jpg_115_1342177504 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0132.jpg_116_1342177506 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0133.jpg_117_1342177508 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0134.jpg_118_1342177510 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0135.jpg_119_1342177512 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0136.jpg_120_1342177514 Object is locked skipped

KatChick254
2008-01-08, 15:02
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0137.jpg_121_1342177516 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0138.jpg_122_1342177518 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0139.jpg_123_1342177520 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0140.jpg_124_1342177522 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0141.jpg_125_1342177524 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0142.jpg_126_1342177526 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0143.jpg_127_1342177528 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0144.jpg_128_1342177530 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0145.jpg_129_1342177532 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0146.jpg_130_1342177534 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0147.jpg_131_1342177536 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0148.jpg_132_1342177538 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0149.jpg_133_1342177540 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0150.jpg_134_1342177542 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0151.jpg_135_1342177544 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0152.jpg_136_1342177546 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0153.jpg_137_1342177548 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0154.jpg_138_1342177550 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0155.jpg_139_1342177552 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0156.jpg_140_1342177554 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0157.jpg_141_1342177556 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0158.jpg_142_1342177558 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0159.jpg_143_1342177560 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0160.jpg_144_1342177562 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0161.jpg_145_1342177564 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0162.jpg_146_1342177566 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0163.jpg_147_1342177568 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0164.jpg_148_1342177570 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0165.jpg_149_1342177572 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0166.jpg_150_1342177574 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0167.jpg_151_1342177576 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0168.jpg_152_1342177578 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0169.jpg_153_1342177580 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0170.jpg_154_1342177582 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0171.jpg_155_1342177584 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0172.jpg_156_1342177586 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0173.jpg_157_1342177588 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0174.jpg_158_1342177590 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0175.jpg_159_1342177592 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0176.jpg_160_1342177594 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0177.jpg_161_1342177596 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0178.jpg_162_1342177598 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0179.jpg_163_1342177600 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0180.jpg_164_1342177602 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0181.jpg_165_1342177604 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\FromCamera4028-1-2008-1-8-9-15-43-320\100_0182.jpg_166_1342177606 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\Perflib_Perfdata_540.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\Perflib_Perfdata_840.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF4AA1.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF4FF2.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF7071.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Admin.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Admin.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Admin.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B405AE1C-008E-4585-8348-F90BEF1069DB}\RP272\A0062318.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{B405AE1C-008E-4585-8348-F90BEF1069DB}\RP306\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\2wswlog\2PortalMon_Debug.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\My Documents\knitting patterns\DUCKCLOTH.doc Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

pskelley
2008-01-10, 03:13
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

All I see is some adware, the one item Kaspersky finds is an infected System Restore file. Why exactly do you think you have "Virus threats on my computer" ?

You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly. Uninstall one, update the one you keep and run a complete system scan, post for me any item that can't be removed, the complete name and pathway.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

C:\PROGRAM FILES~1\Grisoft\AVG7\
C:\Program Files\NavNT\vptray.exe (Norton AntiVirus Client)
Decide which you want to run and uninstall the other.


See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.6.0_01\ <<< out of date, download the newest version and uninstall all all versions in Add Remove programs.

See this information:
http://forums.spybot.info/showthread.php?t=282
http://www.nutnworks.com/SafeHex/file_sharing.htm
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
If you are going to use this program, I suggest you start and stop it in all programs and not allow it to run all of the time.

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm471YYUS
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log, tell me about any malware issues.

Once you have done that, follow the directions in this link to clean your System Restore files:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

KatChick254
2008-01-10, 06:04
Hi, pskelley. Thank you for responding so quickly to my post. :) I initially thought that I might have problems with my computer because

~it was running more slowly than usual even though I'd deleted cookies, etc

~SpyBot consistantly produced TagASaurus in my scan results and it was described as a Trojan

~As for that P2P program, I think one of my friends downloaded that. Is the best way to delete it through HTJ? I don't find it on my Add/Remove Programs list.

I have completed all the steps that you suggested in your reply. Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:54 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Ringo\Hub.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Program Files\Y!mLite\ymlite.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10442 bytes

KatChick254
2008-01-10, 06:10
:oops: I'm sorry, I forgot in my last reply to mention that Norton will not let me remove it. I keep receiving a message telling my to insert a disk, which I don't have. Is there another way to remove it from my system? I prefer using AVG as my antivirus. Thanks!!!

pskelley
2008-01-10, 12:54
Thanks for returning your information and the feedback. You said:

~SpyBot consistantly produced TagASaurus in my scan results and it was described as a TrojanMay be a cookie, are you postive you are up to date and fully immunized when you run Spybot?
Tutorial: http://www.safer-networking.org/en/spybotsd15/index.html

It looks like the p2p program is gone from the HJT log, I will look at your uninstall list. Your HJT log looks clean of malware:bigthumb:

Try this information to clean the leftover Symantec/Norton.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

Thanks

KatChick254
2008-01-11, 06:00
Hi again, pskelley. :) I looked at that link you sent me for removal of my Norton Antivirus, but I don't see my version listed there. According to the information in "About Norton" I have Norton Corporate Edition circa 2000. The Norton Ghost thing sounds vaguely familiar, but I didn't want to do any removing without instruction from someone who knows what they're doing. I went ahead and re-updated/re-immunized my SpyBot and my most recent scan was clean. Thanks so much for all your help! Here's the log you asked for:

2Wire Wireless Client
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Agere Systems PCI Soft Modem
AT&T Yahoo! Applications
AVG 7.5
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
CCScore
CloneCD
Digital Camera Driver
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy CD Creator 5 Platinum
eMusic Download Manager 3.0
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Hanes® T-ShirtMaker® Lite 3.0.0
HijackThis 2.0.2
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
i-Sound WMA MP3 Recorder
iTunes
Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
Kaspersky Online Scanner
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Move Networks Player for Internet Explorer
My Wal-Mart Digital Photo Center
netbrdg
Norton AntiVirus Corporate Edition
OfotoXMI
PowerDVD
QuickTime
Ringo Companion
SBC Yahoo! DSL Home Networking Installer
Serif DrawPlus 4.0
SFR
SHASTA
skin0001
SKINXSDK
SoundMAX
Spybot - Search & Destroy
staticcr
tooltips
VPRINTOL
WeatherBug
WinRAR archiver
WIRELESS
Xfire (remove only)
Yahoo! Anti-Spy
Yahoo! Photos Print-at-Home Tool

pskelley
2008-01-11, 13:55
Norton AntiVirus Corporate Edition
You should be able to uninstall that product from Add Remove programs? If not, and it is not on the list Symantec/Norton provides, I suggest you contact tech support for help.

http://www.symantec.com/support/index.jsp

For your information:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.